[Snort-users] How does Snort protect itself ?

Vinay A. Mahadik VAMahadik at ...6245...
Tue Sep 10 19:48:03 EDT 2002

Hey Guys,

I think KDR wanted to know how Snort uses anti-evasion mechanisms, not 
how it can be secured against buffer-overflows or DoS and the like. The 
things that I mentioned memcap, timeouts, '-z est', randomized stream4's 
flush-points etc are some clues.. it's an interesting question, and if 
you have experience with the source please do pour in your finds..


Semerjian, Ohanes wrote:

> I agree 100% with twig les, best way to protect the sensor is by harnding
> the OS (install only mini required packages for the sensor to function)
> apply patches, close all ports and leave only thats required, use IPless
> interface and one admin interface which u could ssh to connect to it, run
> file integrity tools like AID (similar to Tripwire but its free). 
> Best Regards
> Ohanes Semerjian
> PGP kEY 
> 6604 2A46 E64F BEBF A4B7  9D01 9E08 399C 9D45 3254

More information about the Snort-users mailing list