Snort mailing list archives
Re: Block
From: Frank Knobbe <frank () knobbe us>
Date: Mon, 16 Feb 2004 16:50:23 -0600
On Mon, 2004-02-16 at 12:48, Matt Kettler wrote:

> 3) snortsam - supports a wide variety of firewalls, but acts slightly after the fact. This means the packet that contained the trigger gets passed, but subsequent packets will get blocked, limiting the impact of the exposure.

While that is true, it can block on more than one enforcement point at the same time. Plus it can create a semi-permanent (full block on IP for a defined time interval) block or isolate systems. While not real time, it has a lot of flexibility going for it.

Cheers,
Frank

(Sorry, haven't pitched Snortsam in a while ;)

--
Warning at the Gates of Bill: Abandon hope, all ye who press <ENTER> here...