Snort mailing list archives
Re: Detecting Broadcast with Snort
From: twig les <twigles () yahoo com>
Date: Fri, 21 Feb 2003 13:13:29 -0800 (PST)
Actually I think we're both on the same track, the destination being that snort shouldn't do anything. If your network has excessive broadcasts then it has a problem (worm, arp storm, whatever). The admin needs to fix the underlying problem, not depend on snort as a swiss-army knife (that's netcat anyway :) to do everything. Notification is enough.

--- Matt Kettler <mkettler () evi-inc com> wrote:
> Oh, I agree it would be a neat detection plugin.. and something that can likely be implemented by writing a plugin to the snort code. I was more going on just wondering what "corrective action" snort was expected to take :)
>
> At 11:41 AM 2/21/2003 -0800, twig les wrote:
>> This would be a neat plugin though - broadcast threshold alerts. Once we netadmin types get a baseline it'd be nice to have warning when NIC driver goes nutso and starts broadcasting or something.
=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.
-----------------------------------------------------------
Current thread:
- Detecting Broadcast with Snort Ramon Barquier (Feb 21)
- Re: Detecting Broadcast with Snort Matt Kettler (Feb 21)
- Re: Detecting Broadcast with Snort twig les (Feb 21)
- Re: Detecting Broadcast with Snort Matt Kettler (Feb 21)
- Re: Detecting Broadcast with Snort twig les (Feb 21)
- Re: Detecting Broadcast with Snort Matt Kettler (Feb 21)
- Re: Detecting Broadcast with Snort twig les (Feb 21)
- Re: Detecting Broadcast with Snort Matt Kettler (Feb 21)
- Re: Detecting Broadcast with Snort Gene Yoo (Feb 22)
- Re: Detecting Broadcast with Snort Matt Kettler (Feb 22)
- Re: Detecting Broadcast with Snort Frank Knobbe (Feb 22)
- Re: Detecting Broadcast with Snort Gene Yoo (Feb 24)
- <Possible follow-ups>
- Re: Detecting Broadcast with Snort james (Feb 24)
