Re:Easy web-server protection?

[Shaiful <shaifuljahari () yahoo com>]

Hi,

Snort is an Intrusion Detection System (IDS) not
Intrusion Prevention System (IPS). You need something
like hogwash or snort-inline to drop the attack.

Below is the copy of my email to focus-ids early this
morning regarding the similar matter. Hope it helps.

Regards,
Shaiful

> Hi,
>
> I've never tried snort-inline but I believed the
> concept is similar to hogwash.
>
> If you want information about similar arrangement,
> just search for hogwash implementation.  Last time I
> checked there are quite a few.
>
> For the last Code Red worm outbreak, I've used 
> hogwash and block Code Red. IMHO, Code Red is worst
> since it uses port 80 which normally open at the
firewall.
> Running hogwash make me think why on earth the idea
of
> stopping application attack at layer 2 or 3 is not
> popular before.  Actually I've been waiting for
> hogwash like program one year before it is released
> and mostly due to my poor coding skill. The idea is
> quite old if you bother to search snort mailing
list.
> But looking at hogwash code, then I realised it is
not
> really rocket science ;-)
>
> Regards,
> Shaiful


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users