Snort mailing list archives
Re:Easy web-server protection?
From: Shaiful <shaifuljahari () yahoo com>
Date: Wed, 29 Jan 2003 22:36:15 -0800 (PST)
Hi, Snort is an Intrusion Detection System (IDS) not Intrusion Prevention System (IPS). You need something like hogwash or snort-inline to drop the attack. Below is the copy of my email to focus-ids early this morning regarding the similar matter. Hope it helps. Regards, Shaiful
Hi, I've never tried snort-inline but I believed the concept is similar to hogwash. If you want information about similar arrangement, just search for hogwash implementation. Last time I checked there are quite a few. For the last Code Red worm outbreak, I've used hogwash and block Code Red. IMHO, Code Red is worst since it uses port 80 which normally open at the
firewall.
Running hogwash make me think why on earth the idea
of
stopping application attack at layer 2 or 3 is not popular before. Actually I've been waiting for hogwash like program one year before it is released and mostly due to my poor coding skill. The idea is quite old if you bother to search snort mailing
list.
But looking at hogwash code, then I realised it is
not
really rocket science ;-) Regards, Shaiful
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Easy web-server protection? velbloud (Jan 29)
- Re: Easy web-server protection? twig les (Jan 29)
- Re: Easy web-server protection? Javier Liendo (Jan 29)
- <Possible follow-ups>
- Re:Easy web-server protection? Shaiful (Jan 29)
- Re: Re:Easy web-server protection? Eduardo Kita (Jan 30)
- RE: Re:Easy web-server protection? Bob McDowell (Jan 30)