Service provider takeaway: Snort isn't perfect. In this tip, service providers will learn the answers to frequently asked questions about Snort's usage and limitations.
In this edition of the Snort Report, I address some of the questions frequently asked by service providers who are users or potential users of Snort. I say "potential users" because some people hear about Snort and wonder if it can solve a particular problem. Here I hope to provide realistic expectations for service providers using Snort.
Again, please note I did not write the words "Snort isn't perfect." The editor did. This is one of the aspects of the Snort Report I do not control. In this article I address these questions.
- Can I use Snort to protect a network from denial-of-service attacks?
- Can Snort decode encrypted traffic?
- Can Snort detect layer 2 attacks?
- Can Snort log flows or sessions?
- Can Snort rebuild content from traffic?
If you like this article and have your own Snort questions, please post them here as comments. Thank you.