[Snort-users] SHUN

ams67 ams67 at ...3655...
Mon Dec 2 13:48:02 EST 2002

IMAO IDSs should not interfere with FWs. If I spoof my IP address with
your current, e.g., DNS server and send a forged packet with an attack
signature to your network protected by your IDS/FW integrated system, I
can create an easy DoS by stopping legal and operational traffic.
That is really easy to accomplish (e.g. nmap -D your.good.dns.server,
your.good.external.router, etc.).

My 2 cents


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Mike
Sent: Wednesday, 27 November 2002 6:48 a.m.
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] SHUN


Does SNORT support adding commands to firewalls? As an example, if I
received a BAD packet, I would like to add a filter based on that
information to my firewall. I understand that SNORT cannot decide which
packets are bad, but I would think we would be able to trace an issue
the command has been executed.

Any ideas?

Thanks in advance,

