Snort mailing list archives
Re: Re: [Snort-users] IDS vs IPS
From: Yves Boisjoly <Yves.Boisjoly () sympatico ca>
Date: Fri, 22 Aug 2003 08:47:49 -0400 (EDT)
I didn't read all the history of this thread but, seeing that it seems to be about Snort vs Dynamic Firewall, I invite you to take a look at my recent Perl script called "Master-Slave.pl". It actually looks into the syslog log file and searches for any "Snort" related lines. It then checks the priority level and, if it is equal to "1", it creates the appropriate rule in iptables to block the attack. Every aspect is configurable, it's dynamic! And it works so well...

It's available for free as an Open Source project on SourceForge at:
http://sourceforge.net/projects/master-slave/

More on my personal website at:
http://www3.sympatico.ca/lepetittuxervateur/index_.html
Click the button "Le projet Master-Slave". Please use any browser other than Explorer, as this one doesn't digest well my graphic button as .png files ;-)

For any question, feel free to ask me at yves.boisjoly () sympatico ca

On Thu, 21 Aug 2003, Matt Kettler wrote:

MK >At 12:10 PM 8/20/2003 -0400, Vkmobile () aol com wrote:
MK >>So is Snort an IDS or an IPS (Intrusion Prevention) or both?
MK >>
MK >>Also, how can an IDS be converted to an IPS? Can someone point me in the
MK >>right direction such as an FAQ or some website where I can read and learn?
MK >
MK >Snort itself is an IDS, and specifically a NIDS (network IDS) as opposed to
MK >a HIDS (host IDS). There are tools like inline-snort and snortsam which
MK >make it into an IPS by allowing it to interact with a firewall to block
MK >packets.
MK >
MK >Snortsam is quite powerful, but it acts slightly after the offending
MK >packet, so it won't block the packet that caused the alert. It's capable of
MK >reconfiguring a wide variety of firewalls, including hardware boxes like
MK >the Cisco PIX.
MK >
MK >inline-snort I don't know much about, but I think it interacts with the
MK >Linux kernel's IPTables/netfilter layer directly. As such, it can only work
MK >on Linux, but might be able to block packets in true realtime (at the
MK >expense of some network slowdown if your rules are complex).

--
Yves Boisjoly, UNIX Systems Administrator
Yves.Boisjoly () sympatico ca
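
The log-to-firewall loop described in the message above, as an added example that is not part of the original post and is not code from Master-Slave.pl (written in Python rather than Perl). It assumes Snort's usual syslog alert layout; the never-block list, function name and sample log lines are constructed for illustration, and the rules are returned as argument lists rather than executed.

```python
import ipaddress
import re

# Assumed Snort syslog alert layout:
#   snort: [gid:sid:rev] msg [Classification: ...] [Priority: N]: {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[\d+:\d+:\d+\] .*?"
    r"\[Priority: (?P<prio>\d+)\]:? \{\w+\} (?P<src>[0-9.]+)(?::\d+)? -> "
)

# Assumption: networks that must never be blocked (loopback, own LAN, gateway).
# Source addresses can be forged, so an alert must not be able to cut these off.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

def block_rules(lines, block_priority=1, never_block=NEVER_BLOCK):
    """Return one iptables argv list per new source with an alert at block_priority."""
    seen, rules = set(), []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) != block_priority:
            continue                      # not a Snort alert, or wrong priority
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue                      # malformed address in the log line
        if src in seen or any(src in net for net in never_block):
            continue                      # already handled, or protected
        seen.add(src)
        # argv list, so no log-derived text is ever interpolated into a shell
        rules.append(["iptables", "-I", "INPUT", "-s", str(src), "-j", "DROP"])
    return rules

SAMPLE_LOG = [  # constructed sample lines
    "Aug 22 08:41:07 fw snort: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 203.0.113.7:3312 -> 192.0.2.10:80",
    "Aug 22 08:41:09 fw snort[412]: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 198.51.100.9 -> 192.0.2.10",
    "Aug 22 08:41:12 fw snort: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 203.0.113.7:3313 -> 192.0.2.10:80",
    "Aug 22 08:41:15 fw snort: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.1:4000 -> 192.0.2.10:80",
    "Aug 22 08:41:20 fw sshd[998]: Accepted password for admin from 192.0.2.5",
]

if __name__ == "__main__":
    for argv in block_rules(SAMPLE_LOG):
        print(" ".join(argv))
```

Because the rule is built from a log line written after the alert fired, the packet that triggered it has already passed, which is the limitation Matt Kettler describes for snortsam in the quoted text.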