[Snort-users] frag3_engine policy in heterogeneous env.
chris.ryan at ...348...
Wed Jun 25 08:32:34 EDT 2008
As far as I understand, the policies "emulate" the target host OS
defragmentation to avoid an evasion of the IDS.
For now, we have a very heterogeneous environment and cannot map the
subnets to specific operating systems. In effect, the "bind-to" combined
with "policy xyz" is not applicable.
So, my guess is, I've to use one frag3_engine policy for all the traffic
(with possible evasion side effect to IDS). The default engine is "BSD".
Is "BSD" a good choice for such a heterogeneous environment?
Thanks in advance, Chris.
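
The effect the question is about, shown as an added example (not part of the original post and not Snort's code): the same overlapping fragments reassemble to different payloads under frag3's "first" and "last" policies, and a policy-independent check flags the overlap itself. The fragment data is constructed, the function names are hypothetical, and the other policies (bsd, linux, windows, ...) use finer-grained overlap rules that are not modelled here.

```python
# Constructed fragments as (offset, data) in arrival order; not a real capture.
FRAGS = [(0, b"AAAAAAAA"), (8, b"BBBBBBBB"), (4, b"CCCCCCCC"), (16, b"DDDD")]


def reassemble(frags, policy):
    """Rebuild the payload. 'first' keeps the earliest byte seen at an
    offset; 'last' lets later-arriving fragments overwrite it."""
    if policy not in ("first", "last"):
        raise ValueError("only the 'first' and 'last' models are implemented")
    buf = {}
    for offset, data in frags:
        for i, byte in enumerate(data):
            pos = offset + i
            if policy == "last" or pos not in buf:
                buf[pos] = byte
    # A gap means the datagram is incomplete and must not be reassembled.
    if sorted(buf) != list(range(len(buf))):
        raise ValueError("hole in datagram: cannot reassemble")
    return bytes(buf[p] for p in range(len(buf)))


def conflicting_overlaps(frags):
    """Return the offsets where two fragments disagree on the byte value.
    Any hit means the payload a host sees depends on its stack, so the
    sensor's view is only right for hosts matching the chosen policy."""
    seen, conflicts = {}, set()
    for offset, data in frags:
        for i, byte in enumerate(data):
            pos = offset + i
            if pos in seen and seen[pos] != byte:
                conflicts.add(pos)
            seen.setdefault(pos, byte)
    return sorted(conflicts)


if __name__ == "__main__":
    for policy in ("first", "last"):
        print(policy, reassemble(FRAGS, policy))
    print("conflicting offsets:", conflicting_overlaps(FRAGS))
```

With a single engine for a mixed network, the overlap check is the part that stays valid for every host; in frag3 the corresponding option is detect_anomalies on the engine.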