[Snort-users] Idea for a Denial of Service against Snort
Andrew R. Baker
andrewb at ...2...
Fri Jul 21 19:44:41 EDT 2000
Andrea Barisani wrote:
> Well I don't know if the IDS is going to fault with an attack like this,
> maybe not, I agree with you that the problem could be only with the logging
> program (such as syslog) but however if I want to crash snort I think that
> triggering all the rules again and again could be far more difficult to
> handle than targeting a single rule...
> These are only suggestions, maybe I'm completely wrong...after all that's
> why I'm posting this on the list ;-)
While this type of attack against an IDS may not crash the IDS, it can
be useful in hiding a legitimate attack. By crafting packets
designed to trigger alerts, you can create a lot of noise. It will be
difficult to find the one legitimate attack in a set of 10000 bogus
In this case, you want to trigger as many different rules as possible,
bog down the IDS, but to make it more difficult to find the real attack.
P.S. It would be an interesting tool, but I have no plans on writing it
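
An added example, not part of the original post and not Snort code: one way an analyst can spot the noise condition described above is to flag time windows in which an unusually large number of different rules fired, so that alerts in those windows are read closely rather than dismissed in bulk. The sample lines are constructed in the style of Snort's "fast" alert output; `flood_windows`, its thresholds and the assumed year are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: eight decoy alerts on eight different rules, one alert
# standing in for the real attack, and one unrelated alert minutes later.
SAMPLE = [
    f"07/21-19:44:{10 + i}.000000  [**] [1:{1000 + i}:1] constructed rule {i} [**] "
    f"[Priority: 2] {{TCP}} 10.9.{i}.7:4000 -> 192.0.2.10:80"
    for i in range(8)
] + [
    "07/21-19:44:15.500000  [**] [1:2000:1] constructed real attack [**] "
    "[Priority: 1] {TCP} 198.51.100.4:5123 -> 192.0.2.10:80",
    "07/21-19:50:02.000000  [**] [1:1003:1] constructed rule 3 [**] "
    "[Priority: 2] {TCP} 10.9.3.7:4000 -> 192.0.2.10:80",
]

LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] "
    r".*\{\w+\} (?P<src>\d+\.\d+\.\d+\.\d+)"
)

def flood_windows(lines, window_s=60, min_distinct_sids=5, year=2000):
    """Map window start -> summary for windows in which many different rules fired."""
    origin = datetime(year, 1, 1)
    buckets = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an alert line
        # Fast-style timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        secs = int((ts - origin).total_seconds())
        buckets[secs - secs % window_s].append((int(m["sid"]), m["src"]))
    flagged = {}
    for start, alerts in sorted(buckets.items()):
        sids = sorted({sid for sid, _ in alerts})
        if len(sids) >= min_distinct_sids:
            key = (origin + timedelta(seconds=start)).strftime("%m/%d-%H:%M:%S")
            flagged[key] = {"alerts": len(alerts), "sids": sids,
                            "sources": len({src for _, src in alerts})}
    return flagged

if __name__ == "__main__":
    for start, info in flood_windows(SAMPLE).items():
        print(start, info)
```

The grouping is by time rather than by source address, since the addresses in a burst like this need not be the sender's own. The flagged window still contains the alert standing in for the real attack, so the flag marks where to look harder, not what to discard.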