[Snort-users] Is Snort susceptible to AET's?

Martin Roesch roesch at ...1935...
Wed Oct 20 12:42:03 EDT 2010


Since the "news" reports are just basically reposting the StoneSoft
press release there's not a lot to go by.

Probably the best analysis I've seen so far is from Stefano Zanero.

http://raistlin.soup.io/post/82972413/Advanced-Anti-Evasion-Super-Mega-Ultra?ref=nf

:)


On Wed, Oct 20, 2010 at 11:03 AM, Andy Berryman <aberryman at ...14758...> wrote:
> Saw a couple articles about AET’s (advanced evasion techniques) and wondered
> if Snort was susceptible to them. I have an idea, but wanted to know the
> correct answer.
>
>
>
> http://darkreading.com/security/perimeter/showArticle.jhtml?articleID=227900122
>
>
>
> http://news.yahoo.com/s/nm/20101018/wr_nm/us_internet_security
>
>
>
>
>
> Thanks,
>
> Andy Berryman
>
> ________________________________
> This message from Cymtec Systems, Inc. contains confidential information and
> is solely for the use of the recipient(s) named above. If you are not the
> intended recipient or an agent responsible for delivering it to the intended
> recipient, you are hereby notified that you have received this message in
> error and that any review, disclosure, copying, distribution or use of the
> contents of this message is strictly prohibited. If you have received this
> message in error, please destroy it immediately and notify Cymtec Systems,
> Inc. by telephone at +1.314.993.8700 or by return e-mail.
> ________________________________
>
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America contest
> Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org




More information about the Snort-users mailing list