Snort mailing list archives
Re: Snort 2.20 Denial Of Service Exploit
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 23 Dec 2004 12:21:07 -0500
At 08:37 AM 12/23/2004, Wes Young wrote:
Question, does this have to be directed at the sniffing interface?? or if you are using snort as a pass through (as you should be) will it be effected just be "seeing" the packets????
Given the model in which snort operates (lipcap capture) there is no difference to snort between a packet addressed to the sniffing interface vs a packet that is just on the wire. Snort isn't even aware of what the address of the sniffing interface is in the first place, so it could engage no different behavior that would make the exploit depend on a packet being addressed there.
Thus, for any and all snort exploits, wether the packet is address to the sniffing interface or not is never an issue. It's all the same in the snort processing, so it's all the same in snort exploitation.
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users.Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Configuration in large network. ashish natvarlal kuvawala (Dec 23)
- Snort 2.20 Denial Of Service Exploit M. Shirk (Dec 23)
- Re: Snort 2.20 Denial Of Service Exploit Wes Young (Dec 23)
- Re: Snort 2.20 Denial Of Service Exploit Matt Kettler (Dec 23)
- Re: Snort 2.20 Denial Of Service Exploit Wes Young (Dec 23)
- Snort 2.20 Denial Of Service Exploit M. Shirk (Dec 23)