[Snort-users] run sneeze

Richard Bejtlich taosecurity at ...11827...
Tue Aug 8 06:10:24 EDT 2006


Jesus Galvez wrote:
>
>"I've never heard of sneeze before, does it establish full session attacks?"
>
>Sneeze just takes the protocol and string of the rules that you indicate and
>generates the alert.

Not exactly.  I wouldn't bother using Sneeze, at least for TCP. Ref:

http://marc.theaimsgroup.com/?l=focus-ids&m=110030228225521&w=2

Sincerely,

Richard




More information about the Snort-users mailing list