Re: Configuring snort as IPS

[Kevin Ross <kevross33 () googlemail com>]

In simple terms yeah (assuming installing, configuring etc is simple).
However; I would not block anything until you run it in IDS mode for a
while. Do plenty tuning for what rules you need or don't need (use pulled
pork and don't forget the emergingthreats.net rules) and then dealt with
whatever false positives occur in your environment to reduce the chances of
blocking legitimate traffic.

regards,
Kev

On 24 January 2012 14:48, Sandip Bankewar <sbankewar () cloudaccess com> wrote:

>  Hi Fabio,****
>
> ** **
>
> Thanks for your response. I am new to SNORT.****
>
> I have a snort installed so I just need to install this tool right???****
>
> ** **
>
>  ****
>
> Regards,****
>
> Sandip Bankewar****
>
> ** **
>
> *From:* Fabio Almeida [mailto:mentesan () gmail com]
> *Sent:* 24 January 2012 18:57
> *To:* Sandip Bankewar
> *Cc:* snort-users () lists sourceforge net
> *Subject:* Re: [Snort-users] Configuring snort as IPS****
>
> ** **
>
> Hi Sandip,****
>
> ** **
>
> Active response with http://www.snortsam.net/****
>
> ** **
>
> Great and flexible solution, works on many firewall systems and you can
> use on various Snort Sensors, and firewall boxes.****
>
> ** **
>
> Fabio Almeida****
>
> Em 24/01/2012, às 08:09, Sandip Bankewar escreveu:****
>
>
>
> ****
>
> Hi,****
>
>  ****
>
> I don’t want my system to be act as gateway.****
>
>  ****
>
> What is the best way to configure snort as IPS??****
>
>  ****
>
> How can we configure?? Can anyone provide me steps??****
>
>  ****
>
>  ****
>
> Regards,****
>
> Sandip Bankewar****
>
>  ****
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
>
> http://p.sf.net/sfu/learndevnow-d2d_______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!****
>
> ** **
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!