Snort mailing list archives
Re: Reputation clarification
From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 7 Sep 2011 13:03:24 -0600
From: Russ Combs [mailto:rcombs () sourcefire com]
Sent: Wednesday, September 07, 2011 12:44 PM
To: Lay, James
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Reputation clarification

On Wed, Sep 7, 2011 at 12:04 PM, Lay, James <james.lay () wincofoods com> wrote:

> Hey all!
>
> So…I’m doing my upgrade to 2.9.1….very excited. A (possibly idiotic ;)) question I have on the Reputation preprocessor…this is really just an IP based black/whitelist yes?

Yes - at the moment.

> If so, what would be the difference for “whitelisting” via startup command versus using the whitelist, say with:
>
> snort -c snort.conf ip and not host bleh

Using a bpf can reduce the number of packets that Snort sees which helps performance. Using reputation is a little more flexible since you can reload the config and change the white/black lists on the fly.

> Also, if I’m reading the below right, does this mean that EVERY time a packet goes to google.com I’ll get an alert?
>
> Thanks all.

If you enable the alerts, you will get them, subject to any event filters. If you don't want the alerts, don't enable them.

Just what I needed...thanks Russ.

James
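The three mechanisms compared in this exchange (a BPF exclusion, the Reputation lists, and event filters on the Reputation alerts), shown side by side as an added configuration sketch that is not part of the original messages. The file paths, the address 192.0.2.10 and the filter thresholds are assumptions chosen for illustration; generator ID 136 with SIDs 1 and 2 are the Reputation preprocessor's blacklist and whitelist events.

```conf
# ---- Option 1: BPF on the command line --------------------------------
# Packets from/to the host never reach Snort at all (cheapest), but the
# filter is fixed at startup; changing it means restarting Snort.
#
#   snort -c snort.conf ip and not host 192.0.2.10     # constructed address

# ---- Option 2: Reputation preprocessor (snort.conf, 2.9.1+) -----------
# Packets still reach Snort, but whitelisted IPs bypass further
# inspection and blacklisted IPs are blocked/dropped early.
var WHITE_LIST_PATH /etc/snort/rules      # assumed path
var BLACK_LIST_PATH /etc/snort/rules      # assumed path

preprocessor reputation: \
    memcap 500, \
    priority whitelist, \
    nested_ip inner, \
    whitelist $WHITE_LIST_PATH/white_list.rules, \
    blacklist $BLACK_LIST_PATH/black_list.rules

# List files hold one IP or CIDR block per line, '#' starts a comment:
#   192.0.2.10
#   198.51.100.0/24
#
# On a Snort built with --enable-reload, edit the list files and send
# SIGHUP to the Snort process to pick up the changes without a restart.

# ---- Alerts ------------------------------------------------------------
# Reputation events are 136:1 (blacklisted) and 136:2 (whitelisted).
# They fire only if the corresponding preprocessor rules are enabled.
# If the blacklist alert is enabled, rate-limit it per source so a busy
# host does not produce one alert per packet (thresholds are assumed):
event_filter gen_id 136, sig_id 1, type limit, track by_src, count 1, seconds 60

# To avoid an alert on every whitelisted packet, leave the 136:2 rule
# disabled, or limit it the same way:
event_filter gen_id 136, sig_id 2, type limit, track by_src, count 1, seconds 3600
```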