IDS Gone Bad presented at ShmooCon 2005

by Brian Caswell

Tags: Intrusion Detection

URL : http://web.archive.org/web/20050404000611/www.shmoocon.org/program.html

Summary : We've all done Snort. Woopeee. Snort with Perl plugins. It's been done. But what happens when the rules nazi gets his title stripped with only the shortest of "we will miss you" thank-you notes? He starts working on the darker side of Snort.

* Think Snort
* Think Snort with Perl
* Think Snort modifiable at runtime, thanks to Perl
* Think Snort that gets new rules via packets, thanks to Perl
* Think Snort that gets new functionality via packets, thanks to Perl
* Think Snort that gets ATTACK functionality, via packets, thanks to Perl
* Think Snort as a worm

OK, so maybe that's a bit too much thinking. Snort, it's not just for protecting your cable modem anymore.