Hi

Would anyone at SuSE or anyone else like to make a comment about the following on the Snort home pages ...

http://www.snort.org/ .... news page

Snort Advisory: Integer Overflow in Stream4
Brian @ Wed Apr 16 14:52:33 EDT 2003

Affected Versions:
# All versions of the following products are affected: Snort 1.8 through 1.9.1
# Snort CVS - current branch up to version 2.0.0 beta

I notice that SuSE 8.2 uses

Snort Version 1.9.1 (Build 231)
By Martin Roesch (roesch@sourcefire.com, www.snort.org).

Will there be an update soon or is the SuSE version of Snort not vulnerable to this bug?

Thanks

--
Richard
www.sheflug.co.uk

On Thursday, 1 May 2003 00:44 Richard Ibbotson wrote:
Hi
Would anyone at SuSE or anyone else like to make a comment about the following on the Snort home pages ...
http://www.snort.org/ .... news page

It's an interesting software. On the pages I'm missing some screenshots of the product and a quickinstall-help. With the documentation at the moment I have trouble in understanding.

How is the alert messaging by using snort?

Regards,
Ruprecht

----------------------------------------------------------
Ruprecht Helms IT-Service & Softwareentwicklung
Tel./Fax: +49[0]7621 16 99 16
Homepage: http://www.rheyn.de
email: info@rheyn.de

Ruprecht
How is the alert messaging by using snort?

Umm.... not quite sure that I can answer this in the way that you might expect :)

Snort *can* be extremely good at detecting traffic across your own network interface. You can detect things that you didn't know about. For example I recently detected a mis-configured SSL installation which was supposed to pass an encrypted session over the net from the U.S. to England. Turns out that some important part of the info wasn't encrypted and snort showed this to me. It can do many things that other software cannot.

However, there is a lot of academic argument over the fact that snort - like most other security software - can be compromised. I've discussed this with the OpenBSD people as well as quite a few Linux people. When it works in the way that it should it is quite reliable :) It does give out some good alerts depending on the command line argument that you use to start it.

--
Richard
www.sheflug.co.uk