Snort mailing list archives
Re: Configuring snort as IPS
From: JJC <cummingsj () gmail com>
Date: Tue, 24 Jan 2012 09:43:46 -0700
And running it via Barnyard2 is a better method than patching snort, it allows for more long-term supportability and ease of upgrading your snort system(s) without having to wait for a new snort patch etc etc... On Tue, Jan 24, 2012 at 9:16 AM, Joel Esler <jesler () sourcefire com> wrote:
Okay, I'm going to be pedantic for a minute. Snortsam isn't "active response" it's "reactive response". It will take action after "x" occurs, post alert. IPS, by our definition is the ability to drop a packet inline, meaning *at* alert time. I also don't think you have to patch Snort anymore to get Snortsam. I think it's built into Barynard2 now. On Tue, Jan 24, 2012 at 8:27 AM, Fabio Almeida <mentesan () gmail com> wrote:Hi Sandip, Active response with http://www.snortsam.net/ Great and flexible solution, works on many firewall systems and you can use on various Snort Sensors, and firewall boxes. Fabio Almeida Em 24/01/2012, às 08:09, Sandip Bankewar escreveu: Hi,**** ** ** I don’t want my system to be act as gateway.**** ** ** What is the best way to configure snort as IPS??**** ** ** How can we configure?? Can anyone provide me steps??**** ** ** ** ** Regards,**** Sandip Bankewar**** ** ** ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJPHrHAAAoJEOvN6k4KDu4agFsH/1e/bytty+QBacvwYDdhawrA 6f+ua6lerdaZwLJ1Ll9NCSDO1WMACikfAn1jSB+3eGzNYvB4xUPYZk5p5HJHCN8K ISm8sDk/wcfnN9FcBKX+Czqt7XMYL93KMZvSI8q+bwGTlliGaDkzwhcLMKd1SY+d XySYt6XuWbk002Sx/ummcy4kGGr4v48FCsBo4fNlWBVACsmcp7vCx0QPcfw+MGp9 MMC/HW+CjXJrXeET/W5hzoRICSRSEfx7dEDLsrMcFiaWc56kMmoG7c2cRmlnNzTq 4/Pw0wNmoxGM48A/Rt1JI8M93gs6LjFCEkWO2+L7aaalFSftzqmUwYxTZy877aU= =uJq6 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!-- Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net Twitter: http://twitter.com/snort ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Configuring snort as IPS Sandip Bankewar (Jan 24)
- Re: Configuring snort as IPS Kevin Ross (Jan 24)
- Re: Configuring snort as IPS Fabio Almeida (Jan 24)
- Re: Configuring snort as IPS Sandip Bankewar (Jan 24)
- Re: Configuring snort as IPS Fabio Almeida (Jan 24)
- Re: Configuring snort as IPS Kevin Ross (Jan 24)
- Re: Configuring snort as IPS JJC (Jan 24)
- Re: Configuring snort as IPS Sandip Bankewar (Jan 24)
- Re: Configuring snort as IPS Joel Esler (Jan 24)
- Re: Configuring snort as IPS JJC (Jan 24)
- Re: Configuring snort as IPS Kevin Ross (Jan 25)
- Re: Configuring snort as IPS Joel Esler (Jan 25)
- Re: Configuring snort as IPS Kevin Ross (Jan 25)
- Re: Configuring snort as IPS Joel Esler (Jan 25)