[Snort-users] IPS mode for snort

waldo kitty wkitty42 at ...14940...
Wed Jun 12 12:29:09 EDT 2013


On 6/12/2013 11:00, Mike Miller wrote:
> 4. If the Bad Guy think's you're actively blacklisting based on IP, they can
> craft packets to make you go deaf. (Like making sure your Snort box is blocking
> access to the outside DNS server...because it received a UDP packet that was
> bad, that it thinks came from the DNS server.)

FWIW: this is where you would white list those external critical systems like 
trusted upstream DNS servers ;)

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list