[Snort-users] Has anybody checked this out?

Dr SuSE drsuse at ...748...
Tue Jan 30 22:03:28 EST 2001


Hmm, perhaps he forgot to include a rule set in his snort.conf file. 
I find it very hard to believe that out of 100,000 attacks Snort detected zero.
Could it be that the 100,000 attacks were the same and there simply was not 
Snort signature for this particular attack or maybe there was but it somehow 
got removed or commented out.....



"No, that's not what I mean.
I mean that last time I tried, Prelude reported more than
100000 attacks while Snort reported 0.
Because Snort doesn't seem to detect theses low level attack.
And AFAIK, Snort doesn't provide an API for stuff like state remembering
for Detection Plugin (if they have plugin, last time I looked at it they had 
not)."


> http://www.freshmeat.net/projects/prelude/
> 
> 
> --shawn
> 
> -- 
> s h a w n   m o y e r
> shawn at ...1184...
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> 




---------------------------------------------
Microsoft ist nicht installiert.
http://www.drsuse.org/






More information about the Snort-users mailing list