Snort mailing list archives

RE: New Trend: Intrusion Prevention


From: Bob Dehnhardt <bob.dehnhardt () trinet com>
Date: Fri, 13 Dec 2002 11:06:00 -0800

Everything I've seen about IPS is that it's intended as another facet of
security, not as a replacement for IDS. IPS is useful for preventing attacks
that can be identified with a high (99%+) degree of accuracy, like SYN/FIN
sweeps. Attacks that may have a significant number of false positives are
outside IPS's realm, since having that traffic dropped would likely affect
normal network operations. IDS with a real live decision-making person will
be used in those cases, just as today.

There is no single solution, probably never will be.

 - Bob

Bob Dehnhardt
IT Operations Manager - Reno
TriNet
(775) 327-6407

 -----Original Message-----
From:   Steve Halligan [mailto:giermo () geeksquad com] 
Sent:   Friday, December 13, 2002 10:16 AM
To:     'Sheahan, Paul (PCLN-NW)'; Snort List (E-mail)
Subject:        RE: [Snort-users] New Trend: Intrusion Prevention

I attended Infosecurity 2002 yesterday and there was much talk about
intrusion detection going away, and intrusion prevention replacing it. Does
anyone know if there are any plans to include intrusion prevention
functionality into Snort in the future?

The future is now.

http://www.snort.org/dl/contrib/patches/inline/

Also see Hogwash at:
http://www.snort.org/dl/contrib/patches/hogwash/

Now one could (and I would) debate the premise that you stated, but that is
a whole 'nother can of worms.

-steve



-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

