Snort mailing list archives
Re: SHUN
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 03 Dec 2002 00:18:38 -0600
On Tue, 2002-12-03 at 01:37, Alberto Gonzalez wrote:
Maybe I missed something, but what does a white-list of IPs have to do with missing internal attacks? Yes, snortsam does active blocking. Doesn't mean the engine it uses stops alerting on malicious packets. You configure the rules to use with snortsam. YOU have control. Just configure snortsam (which uses snort) to listen on the internal interface, or am I just extremely tired?
You must be tired ;) Snort will only send a blocking *request* to SnortSam. It still works as a normal IDS. SnortSam can ignore requests for IPs that are white-listed. One doesn't have anything to do with the other. The IDS is still an IDS is still an IDS...
Frank