Snort strength/DoS

I was learning about Snort and was wondering if someone could give me a
brief overview of some "strengths" associated with Snort. I am reading
up on it online, but thought it would be better if someone who has had
prior first-hand experience on the topic could list some of the
"strengths" of it. I know that there is a lot of talk about false
alarm rates, but it still is one of the most popular IDS. Why? (Some
more concrete reasons besides the signature database.)

And also, how does Snort respond to DoS attacks? The purpose is to send
specially crafted packets that slow down Snort to the point where it
can no longer keep up with the traffic, and hence will miss attacks.
How exactly does this mechanism work, and what is a possible solution to
thwart this attack?

