[Snort-users] snort sensor placement-packet decoding issues

hamid alaei hamid.a85 at ...11827...
Sat Aug 18 06:00:29 EDT 2012


Dear all,
   I have a general question. Suppose we want to install an snort somewhere
in our network. How could we be sure that it is impossible for an intruder
to encapsulate application layer attacks in lower layer packets/frames that
snort can't decode but our network devices understand? I know that snort
may generate some warnings in this case, but it couldn't be enough. It
would be a great help if someone kindly introduce an instruction or a
checklist or so.
Thanks,
Hamid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120818/d87d2cff/attachment.html>


More information about the Snort-users mailing list