Snort mailing list archives
RE: Re:Easy web-server protection?
From: "Bob McDowell" <bmcdowell () coxhealthplans com>
Date: Thu, 30 Jan 2003 13:18:35 -0600
Yes, I can vouch for this one. I love what it has done for our security situation.

Bear in mind, though, that all due care is required. I've already posted some of the pitfalls I ran into. Plus there are a few that I didn't get around to sharing.

All that aside, though, flex-resp is better than sliced bread.

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Eduardo Kita
Sent: Thursday, January 30, 2003 5:38 AM
To: Shaiful
Cc: snort-users () lists sourceforge net; velbloud () yahoo com
Subject: Re: [Snort-users] Re:Easy web-server protection?

You can also try Snort+FlexResp.

Shaiful wrote:
Hi,

Snort is an Intrusion Detection System (IDS), not an Intrusion Prevention System (IPS). You need something like hogwash or snort-inline to drop the attack. Below is a copy of my email to focus-ids early this morning regarding a similar matter. Hope it helps.

Regards,
Shaiful

Hi,

I've never tried snort-inline, but I believe the concept is similar to hogwash. If you want information about a similar arrangement, just search for hogwash implementations. Last time I checked there were quite a few.

For the last Code Red worm outbreak, I used hogwash and blocked Code Red. IMHO, Code Red is worst since it uses port 80, which is normally open at the firewall.

Running hogwash makes me think why on earth the idea of stopping application attacks at layer 2 or 3 was not popular before. Actually, I had been waiting for a hogwash-like program one year before it was released, mostly due to my poor coding skill. The idea is quite old if you bother to search the snort mailing list. But looking at the hogwash code, I realised it is not really rocket science ;-)

Regards,
Shaiful
--
============
Eduardo Kita
Equipe Unix
SEF - RJ
============
Current thread:
- Easy web-server protection? velbloud (Jan 29)
- Re: Easy web-server protection? twig les (Jan 29)
- Re: Easy web-server protection? Javier Liendo (Jan 29)
- <Possible follow-ups>
- Re:Easy web-server protection? Shaiful (Jan 29)
- Re: Re:Easy web-server protection? Eduardo Kita (Jan 30)
- RE: Re:Easy web-server protection? Bob McDowell (Jan 30)