IDS mailing list archives
snort-inline inbound ruleset?
From: "John Flynn" <johnflynn () fastmail fm>
Date: Sun, 02 Feb 2003 12:09:20 -0600
Hi all,

I'm fairly new to the IDS scene. I want to deploy some sort of open source IPS. I've read most of the stuff from the honeynet project and those guys are doing a great job with snort-inline. They have a great default ruleset to filter outgoing traffic.

I was wondering if snort-inline is a recommended approach for an IPS at this point and if so, does someone have a good default blocking ruleset for incoming untrusted traffic they could point me to? I have been having a huge problem with false positive rates with snort on my network and I'm struggling to come up with an IPS solution that won't block legitimate traffic. Would people recommend I use hogwash or something else instead of snort-inline?

You folks are all doing a great thing here in this list...

John Flynn