Snort mailing list archives

Questions with this Snort IPS setup


From: Ricky Huang <rhuang.work () gmail com>
Date: Mon, 11 Mar 2013 16:21:35 -0700

Hello all,

I am interested in running Snort as an IPS on one of my servers.  Following various documentation and help from the 
mailing list, I was able to load the ipfw-related kernel modules (ipdivert_load and firewall_enable), spin up a Snort 
daemon, add a divert rule to ipfw, and test a couple of custom rules.

I have questions on a couple of things:
1)  With ipfw diverting all traffic through Snort, if Snort dies for any reason, I will be effectively locked out.  What's 
the standard practice to leave oneself a backdoor to get back into the remote server?
2)  A quick search through pulledpork-updated snort.rules shows that there aren't any drop rules; they're all alerts.  
Is there a standard set of drop rules for an IPS?
3)  Are there ways of creating email alerts such that the admin staff receives alert emails on certain events?


Thanks for the time in advance!

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
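An added example addressing questions 1 and 2 of the post above (this is not code from the original message or from the Snort or pulledpork projects). It generates an ipfw ruleset in which the administrator's SSH session is allowed by rules numbered below the divert rule, so that a dead Snort process (whose divert socket would make ipfw drop diverted packets) cannot cut off management access, checks that ordering, and converts a chosen set of SIDs in a rules file from alert to drop. The management host 192.0.2.10, divert port 8000, the rule numbers, the file names and the sample rules are all assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post or the Snort project.
# Assumptions (all hypothetical): admin host 192.0.2.10, Snort listening on
# divert port 8000, rule numbers 100/110/200/1000/65000, file names below.

MGMT_HOST="${MGMT_HOST:-192.0.2.10}"             # assumed management source address
DIVERT_PORT="${DIVERT_PORT:-8000}"               # assumed divert port Snort listens on
OUT="${OUT:-./ipfw-snort.rules}"                 # generated ipfw command file
SAMPLE_RULES="${SAMPLE_RULES:-./sample.rules}"   # constructed sample rules file

# Q1: ipfw evaluates rules in ascending number order and stops at the first
# terminal match. A packet that reaches the divert rule while nothing listens
# on the divert socket is dropped by the kernel, so SSH from MGMT_HOST is
# allowed by rules numbered below the divert and never depends on Snort.
build_ipfw_rules() {
    cat <<EOF
flush
add 100 allow tcp from ${MGMT_HOST} to me 22 in
add 110 allow tcp from me 22 to ${MGMT_HOST} out
add 200 allow ip from any to any via lo0
add 1000 divert ${DIVERT_PORT} ip from any to any
add 65000 allow ip from any to any
EOF
}

# Sanity check on a generated file: prints "ok" only when the first SSH allow
# rule carries a lower number than the first divert rule, else "unsafe".
mgmt_before_divert() {
    awk '
    $1 == "add" && $3 == "allow" && / 22 / && m == "" { m = $2 }
    $1 == "add" && $3 == "divert" && d == ""          { d = $2 }
    END { if (m != "" && d != "" && m + 0 < d + 0) print "ok"; else print "unsafe" }
    ' "$1"
}

# Q2: downloaded rulesets ship as alert rules; in inline mode only rules with
# the drop action block traffic. Rewrite the listed SIDs from alert to drop and
# print the whole file; other rules and commented-out rules are left untouched.
alert_to_drop() {
    file="$1"; shift
    awk -v sids="$*" '
    BEGIN { n = split(sids, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    /^alert / && match($0, /sid:[ ]*[0-9]+;/) {
        s = substr($0, RSTART, RLENGTH); gsub(/[^0-9]/, "", s)
        if (s in want) sub(/^alert /, "drop ")
    }
    { print }
    ' "$file"
}

# Constructed sample rules for the demonstration (not real pulledpork output).
write_sample_rules() {
    cat > "$SAMPLE_RULES" <<'EOF'
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE ssh probe"; flags:S; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; content:"/etc/passwd"; sid:1000002; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE disabled"; sid:1000003; rev:1;)
EOF
}

# Stand-alone run: write the ruleset, check it, and produce a drop variant
# of the sample rules with SID 1000001 converted.
write_sample_rules
build_ipfw_rules > "$OUT"
echo "management path before divert: $(mgmt_before_divert "$OUT")"
alert_to_drop "$SAMPLE_RULES" 1000001 > "${SAMPLE_RULES}.drop"
```

The generated file is loaded with `ipfw -q ./ipfw-snort.rules`, and Snort is then started inline against the same divert port with the DAQ ipfw module (`snort -Q --daq ipfw --daq-var port=8000 -c snort.conf`); the converted rules only block traffic when Snort runs in that inline mode. The SID rewrite is deliberately explicit so it can be reviewed before loading; pulledpork's own dropsid.conf mechanism serves the same purpose at update time if you prefer to keep the conversion in the download step.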
