[Snort-users] IPS mode for snort
wkitty42 at ...14940...
Wed Jun 12 12:29:09 EDT 2013
On 6/12/2013 11:00, Mike Miller wrote:
> 4. If the Bad Guy thinks you're actively blacklisting based on IP, they can
> craft packets to make you go deaf. (Like making sure your Snort box is blocking
> access to the outside DNS server...because it received a UDP packet that was
> bad, that it thinks came from the DNS server.)
FWIW: this is where you would white list those external critical systems like
trusted upstream DNS servers ;)
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
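
The white-listing step suggested in the reply above, as an added example that is not part of the original post or of Snort itself: a block-decision filter that checks each alert source against a never-block list before any address is handed to the blocking mechanism. The alert records, addresses (documentation ranges) and function names are constructed for illustration.

```python
import ipaddress

# Constructed allowlist of critical external systems that must never be
# auto-blocked. Addresses come from documentation ranges, not real servers.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "192.0.2.53/32",    # hypothetical trusted upstream DNS resolver
    "198.51.100.0/28",  # hypothetical range holding other critical services
)]

# Constructed alert records: (source IP, protocol, alert message).
SAMPLE_ALERTS = [
    ("203.0.113.7", "tcp", "constructed: web attack signature"),
    ("192.0.2.53", "udp", "constructed: malformed DNS response"),
    ("198.51.100.9", "udp", "constructed: bad UDP packet"),
    ("203.0.113.7", "tcp", "constructed: repeat offender"),
    ("not-an-ip", "udp", "constructed: corrupt record"),
]


def is_protected(addr, allowlist=NEVER_BLOCK):
    """True if addr falls inside any never-block network."""
    return any(addr in net for net in allowlist)


def triage(alerts, allowlist=NEVER_BLOCK):
    """Return (addresses to block, alerts held back for analyst review)."""
    to_block, held = [], []
    for src, proto, msg in alerts:
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            held.append((src, proto, "unparseable source address"))
            continue
        if is_protected(addr, allowlist):
            # Do not block; keep the alert visible, since the source address
            # may have been forged to trigger a block on a critical system.
            held.append((src, proto, "allowlisted source, not blocked"))
        elif str(addr) not in to_block:
            to_block.append(str(addr))
    return to_block, held


if __name__ == "__main__":
    block, held = triage(SAMPLE_ALERTS)
    print("block:", block)
    for entry in held:
        print("held :", entry)
```

Held alerts are kept rather than dropped so that traffic claiming to come from a white-listed system still reaches an analyst.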