Snort mailing list archives
Re: Snort IPS
From: Anton Bezkrovny <anton.bezkrovny () lamoda ru>
Date: Thu, 4 Aug 2016 10:16:10 +0300
I think - before IPS, implement a firewall for filtering at the network level. After that, IPS for filtering at the application level.

*From:* Dave Osbourne [mailto:dave () osbourne uk eu org]
*Sent:* Wednesday, August 03, 2016 5:50 PM
*To:* Russ; snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] Snort IPS

Ok, for "traffic" read "volume" i.e. link saturation. Ironically, the only DDOS(s) that I experience regularly *are* link saturation level events (2GB+)... I don't see any examples of syn attacks that aren't dealt with at application level anyway.

It would be interesting to know what general intrusions people use snort to prevent (that had it not been there would not have been a non issue anyway). My specific use is between an external application and internal database servers that otherwise would have meant a complex API being written and maintained.

D

On 2016-08-03 15:42, Russ wrote:

Snort can do rate-based attack prevention. Check the manual or README.filters for rate_filter.

On 8/3/16 9:03 AM, Dave Osbourne wrote:

I use snort as an IPS, but it won't prevent a traffic based DDOS. You'll need a separate plan for them.

D

On 2016-08-03 13:11, Al Lewis (allewi) wrote:

https://www.snort.org/faq/what-can-i-do-with-snort

You can find some information in the manual (in the snort download) and on the web here:

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node2.html

*Albert Lewis*
ENGINEER.SOFTWARE ENGINEERING
SOURCE*fire*, Inc. now part of *Cisco*
Email: allewi () cisco com

*From: *Latif Shaikh <latif.shaikh7 () gmail com>
*Date: *Wednesday, August 3, 2016 at 7:38 AM
*To: *'snort-users' <snort-users () lists sourceforge net>
*Subject: *[Snort-users] Snort IPS

Now I am using snort as IDS in our network environment. I heard that snort has an IPS mechanism. But I have not got any doc or any URLs to prevent DDOS attack or syn attack.

@All: Can you please help me how to use snort as IPS?
--
Thanks & Regards,
Latif Shaikh

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
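
Added example, not part of any message in this thread: a snort.conf fragment (Snort 2.9.x syntax) showing the rate_filter directive Russ points to, together with the inline DAQ settings that make a drop action take effect. The interface pair eth0:eth1, the file path and the numeric thresholds are assumptions to be tuned per site.

```conf
# --- Inline (IPS) operation -------------------------------------------
# In passive mode a "drop" is only reported; the sensor must sit in the
# traffic path for packets to be discarded. Equivalent command line:
#   snort -Q --daq afpacket -i eth0:eth1 -c /etc/snort/snort.conf
# (eth0:eth1 is an assumed bridged interface pair.)
config daq: afpacket
config daq_mode: inline

# --- Rate-based prevention --------------------------------------------
# gen_id 135, sig_id 1 is Snort's internal "SYN received" event.
# If one source IP exceeds 100 connection attempts in 1 second, switch
# the action to drop for that source for 10 seconds, then revert.
rate_filter \
    gen_id 135, sig_id 1, \
    track by_src, \
    count 100, seconds 1, \
    new_action drop, timeout 10

# gen_id 135, sig_id 2 is the "session established" event. With
# seconds 0 the count is a running total rather than a rate, so this
# caps simultaneous established connections per source IP.
rate_filter \
    gen_id 135, sig_id 2, \
    track by_src, \
    count 100, seconds 0, \
    new_action drop, timeout 10
```

These filters act on packets that have already reached the sensor, so they limit per-source connection rates but do not address the link-saturation events Dave describes.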
Current thread:
- Snort IPS Latif Shaikh (Aug 03)
- Re: Snort IPS Al Lewis (allewi) (Aug 03)
- Re: Snort IPS Dave Osbourne (Aug 03)
- Re: Snort IPS Russ (Aug 03)
- Re: Snort IPS Dave Osbourne (Aug 03)
- Re: Snort IPS Anton Bezkrovny (Aug 04)
- Re: Snort IPS Dave Osbourne (Aug 03)
- Re: Snort IPS Al Lewis (allewi) (Aug 03)