[Snort-users] Idea for a Denial of Service against Snort
ckoontz at ...131...
Fri Jul 21 20:51:26 EDT 2000
A solution "fix" to this "attack hiding" might be to
have a shadow sensor set up on the same wire as the
snort box... so that you will have a header trail to
just a thought,
--- "Andrew R. Baker" <andrewb at ...2...> wrote:
> Andrea Barisani wrote:
> > Well I don't know if the IDS is going to fault with an attack like this,
> > maybe not, I agree with you that the problem could be only with the logging
> > program (such as syslog) but however if I want to crash snort I think that
> > triggering all the rules again and again could be far more difficult to
> > handle than targeting a single rule...
> > These are only suggestions, maybe I'm completely wrong...after all that's
> > why I'm posting this on the list ;-)
> While this type of attack against an IDS may not crash the IDS, it can
> be useful in hiding a legitimate attack. By crafting packets
> designed to trigger alerts, you can create a lot of noise. It will be
> difficult to find the one legitimate attack in a set of 10000 bogus
> In this case, you want to trigger as many different rules as possible,
> not to bog down the IDS, but to make it more difficult to
> find the real attack.
> P.S. It would be an interesting tool, but I have no plans on writing it
---------------ckoontz at ...132...
The above text is a natural product. Slight variations
in spelling and grammar enhance its individual character
& beauty and in no way are to be considered flaws or defects.
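
The quoted reply describes noise that trips as many different rules as possible so that one real alert is hard to find. The following triage sketch is an added example, not part of the original thread and not Snort code: it flags sources that trigger an implausible number of distinct rules in a short window and lists the remaining alerts for review first. The `epoch_seconds src_ip sid` line format, the thresholds and all sample values are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample alerts in a simplified "epoch_seconds src_ip sid" form.
# This is NOT Snort's real alert format; it is an assumption for the example.
def build_sample():
    lines = []
    # One source trips 40 different rules within 20 seconds (decoy noise).
    for i in range(40):
        lines.append(f"{1000 + i // 2} 192.0.2.10 {2000 + i}")
    # A second source trips a single rule in the middle of the flood.
    lines.append("1010 198.51.100.7 3001")
    # A third source trips two rules several minutes apart (background).
    lines.append("1005 203.0.113.5 3002")
    lines.append("1400 203.0.113.5 3003")
    return lines

def parse(line):
    ts, src, sid = line.split()
    return int(ts), src, int(sid)

def triage(lines, window=60, max_distinct=15):
    """Split alerts into (flood_sources, quiet_alerts).

    A source is a flood source if it triggers more than max_distinct
    different rule IDs inside any sliding window of `window` seconds.
    """
    alerts = sorted(parse(l) for l in lines)
    recent = defaultdict(deque)  # src -> (ts, sid) pairs still inside the window
    flood = set()
    for ts, src, sid in alerts:
        q = recent[src]
        q.append((ts, sid))
        while q and q[0][0] < ts - window:
            q.popleft()  # drop alerts that fell out of the window
        if len({s for _, s in q}) > max_distinct:
            flood.add(src)
    quiet = [a for a in alerts if a[1] not in flood]
    return flood, quiet

if __name__ == "__main__":
    flood, quiet = triage(build_sample())
    print("probable noise sources:", sorted(flood))
    for ts, src, sid in quiet:
        print("review first:", ts, src, sid)
```

Alerts from flagged sources are deprioritized rather than discarded, since the noise and the real attack can share a source address.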