Snort mailing list archives
Re: Re:Easy web-server protection?
From: Eduardo Kita <ekita () sef rj gov br>
Date: Thu, 30 Jan 2003 09:37:55 -0200
You can also try Snort+FlexResp. Shaiful wrote:
Hi, Snort is an Intrusion Detection System (IDS) not Intrusion Prevention System (IPS). You need something like hogwash or snort-inline to drop the attack. Below is the copy of my email to focus-ids early this morning regarding the similar matter. Hope it helps. Regards, ShaifulHi, I've never tried snort-inline but I believed the concept is similar to hogwash. If you want information about similar arrangement, just search for hogwash implementation. Last time I checked there are quite a few.For the last Code Red worm outbreak, I've used hogwash and block Code Red. IMHO, Code Red is worstsince it uses port 80 which normally open at thefirewall.Running hogwash make me think why on earth the ideaofstopping application attack at layer 2 or 3 is not popular before. Actually I've been waiting for hogwash like program one year before it is released and mostly due to my poor coding skill. The idea is quite old if you bother to search snort mailinglist.But looking at hogwash code, then I realised it isnotreally rocket science ;-) Regards, Shaiful__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- ============ Eduardo Kita Equipe Unix SEF - RJ ============ ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Easy web-server protection? velbloud (Jan 29)
- Re: Easy web-server protection? twig les (Jan 29)
- Re: Easy web-server protection? Javier Liendo (Jan 29)
- <Possible follow-ups>
- Re:Easy web-server protection? Shaiful (Jan 29)
- Re: Re:Easy web-server protection? Eduardo Kita (Jan 30)
- RE: Re:Easy web-server protection? Bob McDowell (Jan 30)