Nelson Brito wrote:
> I do agree that SNORT is one of the most popular when you are
> learning about IDS, but it is possible to attack the IDS engine in a
> very easy way: 1) evasion; 2) DoS; 3) False Positive; 4) you name
> it...

"Evasion" is a problem against any type of detection technology. Ditto for denial of service. Snort, being a misuse detector, does NOT usually have huge false positive problems; it has bad rules or unwanted true positives instead.

> I think the best approach is when vendors get the knowledge of how
> the vulnerabilities work,

This is just a mantra devoid of content. Even then, evasion, false positives, noncontextual alerts and denial of service possibilities will be there to stay.

Stefano
