OSEC

 
From: ams67 (ams67_at_xtra.co.nz)
Date: Tue Dec 03 2002 - 00:28:41 CST


    -----Original Message-----
    >From: snort-users-adminlists.sourceforge.net
    >[mailto:snort-users-adminlists.sourceforge.net] On Behalf Of Alberto
    >Gonzalez
    >Sent: Tuesday, 3 December 2002 8:38 p.m.
    >Cc: snort-userslists.sourceforge.net
    >Subject: Re: [Snort-users] SHUN
    >
    >Maybe I missed something, but what does a white-list of IPs have to do
    >with missing internal attacks?
    >Yes, snortsam does active blocking. That doesn't mean the engine it uses
    >stops alerting on malicious packets.
    >You configure the rules to use with snortsam. YOU have control. Just
    >configure snortsam (which uses snort)
    >to listen on the internal interface, or am I just extremely tired?

    Perhaps I am the one who is missing something. I do not know snortsam (I
    will try it for sure). I thought that a white-list is the list of IP
    addresses that snortsam will not block and 'analyze', as snort does when
    you put in the DNS IP address to avoid false positives. However, I would
    like to understand how snortsam can manage a SYN flood attack where the
    source IP is randomly generated for each packet sent (e.g. synk4).
    Filling up the logs and blocking hundreds of thousands of random IP
    addresses would not be considered a successful DoS?

    Tony
