[Snort-users] RE: Attack on snort running in Public Zone

Aaron microchp at ...10572...
Mon Nov 17 06:38:21 EST 2003


I prefer *nix as well and always will, though not for that reason. 

Most people dont know about the values you can change in the windows 
registry to perform many of the same things you can do in 
ndd/sysctl/etc..

Here is just one of the things you can do to help handle those 
attacks:

http://www.winguides.com/registry/display.php/1236/

Always export your entire registry before making any changes.

There are several other values you can change that help a little, such 
as a few of the tweaks mentioned at speedguide.net.

The only feature that is missing from windows that I would like to see 
borrowed from linux is something "like" SynCookies.

(This of course is only if you are forced to, or feel inclined to run 
snort on windows... I only use RH9 for snort, but I am a distant 
relative to the penguin).

Aaron






More information about the Snort-users mailing list