Snort mailing list archives
Re: SHUN
From: Alberto Gonzalez <albertg () cerebro violating us>
Date: Mon, 02 Dec 2002 23:37:40 -0800
ams67 wrote:
Frank -------------------------------------------------------- Of course, white list can minimize the risk of DoS, but it also increase the risk for not detecting an internal attack. Therefore, it is question to choose which is less risky... I personally prefer to leave job of detect network anomalies to an IDS, the job to filter unwanted packet to a FW and the job to decide what is right to stop to the skills of the security operator. The IDS technologies are still in a early stage before I can totally rely on it. I think now they are just good tools to 'help' to make decision. No offence taken, however I mentioned DNS and external router as a simple example. The fact it has been beaten to death does not change the level of potential threat. Tony
Maybe I missed something. but what does a white-list of IP's have todo with missing internal attacks? Yes, snortsam does active blocking. doesn't mean the engine it uses stops alerting on malicious packets. You configure the rules to use with snortsam. YOU have control. Just configure snortsam (which uses snort)
to listen on the internal interface, or am I just extremly tired? - Alberto -- The secret to success is to start from scratch and keep on scratching. -------------------------------------------------------This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SHUN, (continued)
- RE: SHUN ams67 (Dec 02)
- RE: SHUN Frank Knobbe (Dec 02)
- RE: SHUN ams67 (Dec 02)
- Re: SHUN Alberto Gonzalez (Dec 02)
- Re: SHUN Frank Knobbe (Dec 02)
- Re: SHUN Alberto Gonzalez (Dec 03)
- RE: SHUN ams67 (Dec 02)
- Re: SHUN Alberto Gonzalez (Dec 03)
- RE: SHUN Frank Knobbe (Dec 03)
- RE: SHUN ams67 (Dec 03)
- RE: SHUN Frank Knobbe (Dec 03)