[Snort-users] How does Snort protect itself ?
flynngn at ...6811...
Mon Sep 16 05:14:07 EDT 2002
> Not really sure this is what needs to be done. If you run Snort on a
> stealth NIC then it can't be found or tampered with there.
Keep in mind that both Ethereal and the MS Network Monitor had
defects that allowed malicious traffic in the packet stream being
monitored to subvert the machine doing the sniffing. This type of
attack wouldn't need an IP address.
That said, I suspect the basic Snort engine is less complicated
than an engine needing to decode hundreds of different protocols
down to the individual field levels so there is probably less
likelihood of undiscovered defects. I don't know if the same can
be said for plug-ins.
Security Engineer - Technical Services
James Madison University