Snort mailing list archives

Re: Block


From: Frank Knobbe <frank () knobbe us>
Date: Mon, 16 Feb 2004 16:50:23 -0600

On Mon, 2004-02-16 at 12:48, Matt Kettler wrote:
> 3) snortsam
>          - supports a wide variety of firewalls, but acts slightly after
> the fact. This means the packet that contained the trigger gets passed, but
> subsequent packets will get blocked, limiting the impact of the exposure.

While that is true, it can block on more than one enforcement point at
the same time. Plus it can create a semi-permanent (full block on IP for
a defined time interval) block or isolate systems. While not real time,
it has a lot of flexibility going for it.

Cheers,
Frank


(Sorry, haven't pitched Snortsam in a while ;)



-- 
Warning at the Gates of Bill:  
Abandon hope, all ye who press <ENTER> here...
