[Snort-users] options for consideration

L. Christopher Luther CLuther at ...6333...
Tue Apr 22 13:29:05 EDT 2003

Other than the various "attack response" rules that Snort already uses, I
don't really think that an additional feature is feasible/possible.  How
would Snort know that an attack succeeded?  

Snort only monitors the actual traffic on a wire, not processes on any
particular network node.  The best it could do would be to see some type of
response from the compromised network device.  Hence the "attack response"

My two cents... 

- Christopher

-----Original Message-----
From: Slighter, Tim [mailto:tslighter at ...5174...]
Sent: Tuesday, April 22, 2003 3:49 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] options for consideration

What are the possibilities of implementing an additional feature into snort
that would inform the user if an attack was successful or not?  

More information about the Snort-users mailing list