Re: SHUN

[Alberto Gonzalez <albertg () cerebro violating us>]

ams67 wrote:

> Frank
> --------------------------------------------------------
> Of course, white list can minimize the risk of DoS, but it also increase
> the risk for not detecting an internal attack. Therefore, it is question
> to choose which is less risky...
> I personally prefer to leave job of detect network anomalies to an IDS,
> the job to filter unwanted packet to a FW and the job to decide what is
> right to stop to the skills of the security operator. The IDS
> technologies are still in a early stage before I can totally rely on it.
> I think now they are just good tools to 'help' to make decision.
>
> No offence taken, however I mentioned DNS and external router as a
> simple example. The fact it has been beaten to death does not change the
> level of potential threat.
>
> Tony
>
>
>
>
>  

Maybe I missed something. but what does a white-list of IP's have todo 
with missing internal attacks?
Yes, snortsam does active blocking. doesn't mean the engine it uses 
stops alerting on malicious packets.
You configure the rules to use with snortsam. YOU have control. Just 
configure snortsam (which uses snort)
to listen on the internal interface, or am I just extremly tired?

   - Alberto

--
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users