Snort mailing list archives

Re: IDS vs IPS


From: "Nihar S. Khedekar" <nihar () ncb ernet in>
Date: Fri, 22 Aug 2003 11:29:26 +0530 (IST)


Yesterday, Matt Kettler wrote,
> Snortsam is quite powerful, but it acts slightly after the offending
> packet, so it won't block the packet that caused the alert. It's capable of
> reconfiguring a wide variety of firewalls, including hardware boxes like
> the Cisco PIX.

Do we call this an IPS?
I believe this is something known as "Active Response".

Intrusion Prevention, I guess, is when you can stop the intrusion before it
occurs. An IDS detects intrusive packets from a copy of the original packet.
But in the case of an IPS, the system works on the original packet itself,
so the intrusive packet itself can be stopped, and thus successfully avert a
probable intrusion.

 regards,
 Nihar

---------
Do not believe in miracles, rely on them.
---------
 VSE, CNIE Div. NCST, 68, E-City, Bangalore, 560100.
 Registered Linux user #286145
 Ph.  +91 80 852 3300 Extn: 1200
 http://www.ncb.ernet.in/~nihar



