[Snort-users] Is there a problem with Linux 2.4.0?

Ian Jones ian at ...686...
Thu Jan 11 17:06:49 EST 2001


A useful discussion of ECN as it relates to security:
http://www.sans.org/y2k/ecn.htm

----- Original Message -----
From: "Ryan Russell" <ryan at ...35...>
To: "Jason Haar" <Jason.Haar at ...294...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Thursday, January 11, 2001 1:09 PM
Subject: Re: [Snort-users] Is there a problem with Linux 2.4.0?


> On Fri, 12 Jan 2001, Jason Haar wrote:
>
> > Owch - I forgot to mention I was running snort-1.7...
> >
> > The portscanning one is easy for me to block. I should anyway as I run
> > nmap/nessus from there too. But the "probe-Queso Fingerprint attempt"
and
> > the like would still pop up... I wonder if that rule should be changed
to not
> > match all new Linux systems then... :-)
> >
>
> I wish I could remember more details, or find the thread in the
> archives... perhaps it was an update to the ruleset, rather than Snort
> itself?  Or perhaps I've just misidentified the problem entirely.. but I
> do recall the newer kernels were setting of IDS systems.
>
> Ryan
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/mailman/listinfo/snort-users





More information about the Snort-users mailing list