Snort mailing list archives
Re: Configuring snort as IPS
From: Fabio Almeida <mentesan () gmail com>
Date: Tue, 24 Jan 2012 13:54:10 -0200
The short answer is:

1 - You'll need to patch snort and recompile
2 - Adjust the rules you want to take an "active response"
3 - Install the snortsam agent on your firewalls
4 - Configure snortsam to take actions based on your firewall system and policies

That's all. The overall setup may seem a little complex, but it's certainly worth the trouble.

Just for the sake of completeness, you can put together the following software to make a good IDS/IPS system:

- Snort + snortsam
- Pulledpork
- Barnyard
- MySQL
- Snorby
- Snortsam Agents

Regards,
Fabio Almeida

On 24/01/2012, at 12:48, Sandip Bankewar wrote:

Hi Fabio,

Thanks for your response. I am new to SNORT. I have Snort installed, so I just need to install this tool, right???

Regards,
Sandip Bankewar

From: Fabio Almeida [mailto:mentesan () gmail com]
Sent: 24 January 2012 18:57
To: Sandip Bankewar
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Configuring snort as IPS

Hi Sandip,

Active response with http://www.snortsam.net/
Great and flexible solution, works on many firewall systems and you can use it on various Snort sensors and firewall boxes.

Fabio Almeida

On 24/01/2012, at 08:09, Sandip Bankewar wrote:

Hi,

I don't want my system to act as a gateway. What is the best way to configure snort as IPS?? How can we configure it?? Can anyone provide me the steps??

Regards,
Sandip Bankewar

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail