Snort mailing list archives

Re: difference between the capability of snort and a dynamic firewall!??!?!!?


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 14 Aug 2002 10:30:03 -0400

Firewalls are intended to block traffic, and log events.

Intrusion detection systems are intended to have an extensive database of intrusion signatures and log the attempts so you can use them to improve your firewall rules, and as forensic information when a successful intrusion occurs.

Intrusion detection systems are *NOT* intended to be a first-line-of-defense against network intrusion, merely analysis of them. A carefully planned out firewall ruleset is infinitely better than any dynamic ruleset that snort can wind up creating via tools like hogwash, but tools like hogwash make a great second-line for cases where the firewall fails to prevent an attack.

Picture a firewall as a lock, and snort as an alarm system. If the alarm goes off you can have it activate locks in the building, and call the police, but locking your door in the first place is a better idea. The alarm is there for when the lock fails and is not a first-line of defense.

At 06:31 AM 8/14/2002 -0700, funky wrote:

Hi,

What's the fundamental difference between Intrusion
Detection Systems and a firewall!?!?!?

- I know that we can log the attempts that match
with the rules with snort and later if you see an
attack in log, you can add some rules related to the
firewall
- we can look at the content (we can do that in
dynamic(proxy) firewalls also!!)
- We can make a dynamic rule match, what is it
for?!?!? There aren't any dynamic rules in standard
ruleset!?!??! Is it a difference from standard
firewall?!?! if, what!??!

thanx

funky
Istanbul



-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


