Snort mailing list archives

RE: RE: [Snort-devel] IDS vs IPS

From: Tom Van Overbeke <tvanoverbeke () ccncsi net>
Date: Fri, 22 Aug 2003 15:36:12 +0200

What about:

if snort sees a scan, send back a RST to the offending ip adress to
terminate the connection ? I heard once that this was possible, any idea how
?


tom.


  -----Original Message-----
  From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Robert Wagner
  Sent: 21 August 2003 15:12
  To: 'Vkmobile () aol com'; snort-devel () lists sourceforge net
  Cc: snort-users () lists sourceforge net
  Subject: [Snort-users] RE: [Snort-devel] IDS vs IPS


  What is your definition of an IPS, or what do you want it to do?

  Example:  I want snort to run on the public side of my network, when it
sees a scan or critical attack, it will notify my firewall (make, model) and
add a blocking rule for the attacker.
    -----Original Message-----
    From: Vkmobile () aol com [mailto:Vkmobile () aol com]
    Sent: Wednesday, August 20, 2003 11:10 AM
    To: snort-devel () lists sourceforge net
    Cc: snort-users () lists sourceforge net
    Subject: [Snort-devel] IDS vs IPS


    So is Snort an IDS or an IPS (Intrusion Prevention) or both?

    Also, how can an IDS be converted to an IPS? Can someone point me in the
right direction such as an FAQ or some website where i can read and learn?

    Thank you.

****************************************************************************
Disclaimer: 
This electronic transmission and any files attached to it are strictly 
confidential and intended solely for the addressee. If you are not 
the intended addressee, you must not disclose, copy or take any
action in reliance of this transmission. If you have received this 
transmission in error, please notify the sender by return and delete
the transmission.  Although the sender endeavors to maintain a
computer virus free network, the sender does not warrant that this
transmission is virus-free and will not be liable for any damages 
resulting from any virus transmitted. 
Thank You.
****************************************************************************

Current thread:

Re: Re: [Snort-devel] IDS vs IPS Mark Teicher (Aug 22)
- <Possible follow-ups>
- RE: [Snort-devel] IDS vs IPS Robert Wagner (Aug 22)
  - RE: RE: [Snort-devel] IDS vs IPS Tom Van Overbeke (Aug 22)
- RE: Re: [Snort-devel] IDS vs IPS Bob Walder (Aug 22)
  - RE: Re: [Snort-devel] IDS vs IPS Frank Knobbe (Aug 22)
  - Re: Re: [Snort-devel] IDS vs IPS Jason (Aug 27)
    - Re: Re: [Snort-devel] IDS vs IPS Stevo (Aug 27)
    - Re: Re: [Snort-devel] IDS vs IPS Frank Knobbe (Aug 27)
    - RE: Re: [Snort-devel] IDS vs IPS Gordon Cunningham (Aug 27)
    - RE: Re: [Snort-devel] IDS vs IPS Frank Knobbe (Aug 27)
    - RE: Re: [Snort-devel] IDS vs IPS twig les (Aug 27)
    - RE: Re: [Snort-devel] IDS vs IPS Frank Knobbe (Aug 27)
    - RE: Re: [Snort-devel] IDS vs IPS Mark Teicher (Aug 28)

(Thread continues...)