[Snort-devel] RE: [Snort-users] Possible Queso Fingerprint attempt?

Ookhoi ookhoi at ...1580...
Fri Mar 16 09:34:52 EST 2001


Hi Gregor,

> > You can't blame us for enabling ecn, or linux for supporting ecn. We
> > blame the dumbass provider which installed snort and don't know a
> > thing about it.
> 
> I'd have to agree with you on the braindead NIDS admin issue .. :) But
> again I have to say what does it help YOU as a 2.4 user if it's not
> your fault but you're the one suffering from it? Is finding someone
> else to blame good enough for you?

Well, we would also have suffered from this if the braindead provider
mailed some normal apache logs to our provider (look! they connect to
our port 80!) and our provider would have blocked us for that for sure
as they believe every wanabee-sysadmin and his/her dog without looking
at the facts.

> If it's not enabled by default, we could as well forget this point
> though. :)

Yeah, never meant to be part of a thread like this. :-)  Just wanted
some info as we thought that snort was seeing things that weren't there.
We don't use snort ourself, so we figured, just ask the people who do
use it. 

On the other hand I think it is a good thing this shows up on the snort
mailinglist as it might prevent other snort users from making a fool of
themself.

> > Less secure? I can't see why. And ecn was in 2.4 before it was declared
> > stable, so imnsho it is implemented in a proper way.
> 
> I guess I was unclear on that last statement - what I meant to say was:
> 
> By forcing vendors to QUICKLY release patches to make things work again
> for everybody, and I would consider this patching a very critical part
> of those systems, I fear those patches could lack quality and thus
> POSSIBLY impact security. I wasn't referring to ECN or Linux in this
> case, but all those broken implementations. And I disagree with the FAQ
> that a bugfix can't impact security. Without knowing a particular
> implementation, you can never say that a bugfix can't introduce new
> bugs.
> 
> It's just like I don't like to see this "time to market"-type of
> pressure being the driving factor for product development very much.

Very true. 

	Ookhoi




More information about the Snort-users mailing list