[Snort-users] How does Snort protect itself ?
Vinay A. Mahadik
VAMahadik at ...6245...
Tue Sep 10 19:48:03 EDT 2002
I think KDR wanted to know how Snort uses anti-evasion mechanisms, not
how it can be secured against buffer overflows or DoS and the like. The
things that I mentioned (memcap, timeouts, '-z est', randomized stream4's
flush-points, etc.) are some clues. It's an interesting question, and if
you have experience with the source, please do pour in your finds.
Semerjian, Ohanes wrote:
> I agree 100% with twig les, the best way to protect the sensor is by hardening
> the OS (install only the minimum required packages for the sensor to function),
> apply patches, close all ports and leave only what's required, use an IPless
> interface and one admin interface which you could ssh to connect to it, run
> file integrity tools like AIDE (similar to Tripwire but it's free).
> Best Regards
> Ohanes Semerjian
> PGP kEY
> 6604 2A46 E64F BEBF A4B7 9D01 9E08 399C 9D45 3254