Mark Piper <markp(a)nec.co.nz> writes:
The problem with something like snort is when someone tries a code snippet
like sneeze (http://www.securiteam.com/tools/5DP0T0AB5G.html
) you will soon
find that snort / acid has its draw back (even with many many filters it can
be a hard thing to track legit traffic from sneeze traffic).
Yes, a determined attacker can find ways to break things. But it does
track casual attempts and worm traffic pretty well; and that's been
most of our problems up 'til now. (touch wood :)
James Riden / j.riden(a)massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/