Snort mailing list archives
Which rules to get inline
From: mosquitooth () gmx net
Date: Sun, 6 Mar 2005 22:25:42 +0100 (MET)
Hi, as snort is able to get 'inline' and therefore act as an IPS. But, as there are still some false positives, it seems to me that not every rule is useful in an IPS environment - but which are? I think that especially the BAD_TRAFFIC and BACKDOOR rules won't fail often - so these would be of first choice when deploying an 'IPS'. Do you agree? Which rules do you think would serve this purpose? Thanks for any answers on this poll, Peter -- DSL Komplett von GMX +++ Supergünstig und stressfrei einsteigen! AKTION "Kein Einrichtungspreis" nutzen: http://www.gmx.net/de/go/dsl ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Which rules to get inline mosquitooth (Mar 06)
- <Possible follow-ups>
- re: Which rules to get inline James Affeld (Mar 06)