[Snort-users] Snort and certain network cards

Dan Hollis goemon at ...20...
Tue Jan 16 18:58:29 EST 2001


On Wed, 17 Jan 2001, russ yonah wrote:
> I recently heard that certain network cards(ie. intel eepro) drop some
> potentiously malicious, illegaly formed, packets at the hardware level
> before they ever make it to the machine. Does anyone know: Is this true?
> Which cards behave like this? Is there a recommended card for snort which
> doesn't do this?

Some hardware can be programmed to drop illegal frames at a hardware
level, but the hardware will usually tell you when it does so, and you can
always turn it off. In the end, it's the decision of the device driver to
enable such a function or not.

-Dan





More information about the Snort-users mailing list