[Snort-users] Idea for a Denial of Service against Snort

Andrea Barisani lcars at ...96...
Thu Jul 20 07:15:41 EDT 2000


On Thu, 20 Jul 2000, Tom Whipp wrote:

> 
> What I don't understand is why you want to trigger all the alerts - surely
> processing some of these would be more time consuming than others.  I can
> understand that a wide range of alerts would be more likely to overload a
> system such as swatch but if you're trying to DOS the IDS itself then I'd have
> thought single rules would be the target.
> 
> 	Tom

Well I don't know if the IDS is going to fault with an attack like this,
maybe not, I agree with you that the problem could be only with the logging
program (such as syslog) but however if I want to crash snort I think that
triggering all the rules again and again could be far more difficult to
handle than targeting a single rule...

These are only suggestions, maybe I'm completely wrong...after all that's
why I'm posting this on the list ;-)

------------------------------------------------------------
INFIS Network Administrator & Security Officer
Department of Physics       - University of Trieste
lcars at ...96... - PGP Key 0x8E21FE82
------------------------------------------------------------
"How would you know I'm mad?" said Alice.
"You must be," said the Cat, "or you wouldn't have come here."
------------------------------------------------------------




