02233

Network Security

Question 4

Will it be possible to use Snort to detect zero day exploits?

Yes, Snort has been used recently to detect a new vulnerability in Ethereal related to an NT ACE parsing DoS exploit.
It has also been used to detect a 0-day vulnerability in Samba, a file and print serving system for networks, where an integer overflow in an SMB daemon was found that could lead to a possible exploit.
Snort is able to do this because of the ease of writing new rules and integrating them into its detection engine.
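To illustrate why a new rule is quick to deploy, here is an added example (not from the original page, and not Snort's own engine): a small Python interpreter for a subset of Snort rule options (`content`, `byte_test`, `sid`). The rule, marker bytes, port 9999, sid and length limit are constructed placeholders; the same traffic is flagged only once the rule has been loaded.

```python
import re

# Constructed rule in Snort rule syntax. The marker bytes, port 9999, sid and
# the 1024 limit are illustrative placeholders, not a signature for a real flaw.
NEW_RULE = ('alert tcp any any -> any 9999 (msg:"EXAMPLE oversized length field"; '
            'content:"|DE AD|REQ"; byte_test:2,>,1024,0,relative; sid:1000001; rev:1;)')

def decode_content(spec):
    """Turn a content string into bytes; text between | | is hex."""
    parts = spec.split("|")
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode()
                    for i, p in enumerate(parts))

def parse_rule(text):
    """Parse only what this example uses: dst port, content, byte_test, sid."""
    header, body = text.split("(", 1)
    opts = dict(re.findall(r'(\w+):\s*"?([^";]*)"?;', body))
    size, op, value, offset = opts["byte_test"].split(",")[:4]
    return {"port": int(header.split()[-1]),
            "content": decode_content(opts["content"]),
            "byte_test": (int(size), op, int(value), int(offset)),
            "sid": int(opts["sid"])}

def matches(rule, dst_port, payload):
    """content must be present, then byte_test checks the field after it."""
    pos = payload.find(rule["content"])
    if dst_port != rule["port"] or pos < 0:
        return False
    size, op, value, offset = rule["byte_test"]
    start = pos + len(rule["content"]) + offset   # 'relative' to the content match
    field = payload[start:start + size]
    if len(field) < size:
        return False                              # truncated packet, nothing to test
    got = int.from_bytes(field, "big")            # byte_test defaults to big endian
    return {">": got > value, "<": got < value, "=": got == value}[op]

def inspect(ruleset, dst_port, payload):
    """Return the sids of every loaded rule that fires on this packet."""
    return [r["sid"] for r in ruleset if matches(r, dst_port, payload)]

# Constructed payloads: marker, 2-byte length field, then data.
NORMAL = b"\xde\xadREQ" + (64).to_bytes(2, "big") + b"A" * 64
OVERSIZED = b"\xde\xadREQ" + (65535).to_bytes(2, "big") + b"A" * 16

if __name__ == "__main__":
    ruleset = []
    print("before rule:", inspect(ruleset, 9999, OVERSIZED))   # sensor is blind
    ruleset.append(parse_rule(NEW_RULE))
    print("after rule: ", inspect(ruleset, 9999, OVERSIZED), inspect(ruleset, 9999, NORMAL))
```

With an empty rule set the oversized request passes unnoticed, so detection of a new flaw depends on how quickly a matching rule is written and loaded.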

references to these !!!

