[Snort-users] options for consideration
L. Christopher Luther
CLuther at ...6333...
Tue Apr 22 13:29:05 EDT 2003
Other than the various "attack response" rules that Snort already uses, I
don't really think that an additional feature is feasible/possible. How
would Snort know that an attack succeeded?
Snort only monitors the actual traffic on a wire, not processes on any
particular network node. The best it could do would be to see some type of
response from the compromised network device. Hence the "attack response"
My two cents...
From: Slighter, Tim [mailto:tslighter at ...5174...]
Sent: Tuesday, April 22, 2003 3:49 PM
To: Snort-Users (E-mail)
Subject: [Snort-users] options for consideration
What are the possibilities of implementing an additional feature into snort
that would inform the user if an attack was successful or not?
More information about the Snort-users