2 Feb
2004
2 Feb
'04
3:16 a.m.
Mark Piper
The problem with something like snort is when someone tries a code snippet like sneeze (http://www.securiteam.com/tools/5DP0T0AB5G.html) you will soon find that snort / acid has its draw back (even with many many filters it can be a hard thing to track legit traffic from sneeze traffic).
Yes, a determined attacker can find ways to break things. But it does track casual attempts and worm traffic pretty well; and that's been most of our problems up 'til now. (touch wood :) Jamie -- James Riden / j.riden(a)massey.ac.nz / Systems Security Engineer Information Technology Services, Massey University, NZ. GPG public key available at: http://www.massey.ac.nz/~jriden/