Snort mailing list archives
Re: Which GIDS to use? Snort-inlie, snortsam or hogwash?
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 19 Jan 2003 18:58:19 -0600
On Thu, 2003-01-16 at 18:55, Jason Silverglate wrote:
Which GIDS to use? Snort-inlie, snortsam or hogwash? What are the benefits of each? what are the downsides?
Just for the record, SnortSam is not a GIDS. Snort-Inline and Hogwash to the filtering/blocking on that Snort box. SnortSam just collects blocking requests from several Snort boxes and passes them to firewalls/routers to block there. Completely different in nature. And that is one of the benefits. If you want you 20 Cisco PIXes, 10 Netscreens, and 55 Checkpoint firewalls in your enterprise wide LANS all over the world, all at the same time block out an intruder (in essence, close all your Internet, partner, and links or whatever) for a defined period of time, then SnortSam is for you. It does not block on the Snort box itself, it just acts as a proxy to control other devices. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: Which GIDS to use? Snort-inlie, snortsam or hogwash? Frank Knobbe (Jan 19)