Snort mailing list archives
Re: IDS vs IPS
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 22 Aug 2003 12:38:58 -0400
At 09:43 AM 8/22/2003 +0530, Ravi wrote:
> inline-snort I don't know much about, but I think it interacts with the linux kernel's IPTables/netfilter layer directly. As such, it can only work on linux,Does inline not work with windows!!
No inline-snort does not work with Windows... Windows does not have a built in firewall that inline-snort could use, as such it would be impossible for it to do so without commercial software add ons.
Linux on the other hand has IPTables. inline-snort is a project which is very specific to the Linux kernel's firewall capabilities. I don't think it even works with BSD's IPF, but it might.
Snort itself works on windows as an IDS, and snortsam can be run on windows and can reconfigure a checkpoint firewall1 firewall for windows. However, since windows has no decent firewall to start with, you have to buy a separate firewall to use Windows for an IPS of any sort.
Personally, if you're going to go this route, I'd buy a separate hardware firewall such as a Cisco PIX, or some other firewall device that snortsam supports. Being a software firewall on a windows machine makes me mistrust FW-1.. if for no other reason than it's easy to misconfigure the windows machine and have someone exploit it directly. A separate dedicated firewall may have vulnerabilities too, but it's not as likely to be a target of worms like blaster.
------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- IDS vs IPS Vkmobile (Aug 20)
- Re: [Snort-devel] IDS vs IPS Jeff Nathan (Aug 21)
- Re: Re: [Snort-devel] IDS vs IPS twig les (Aug 22)
- Re: [Snort-devel] IDS vs IPS pieter claassen (Aug 25)
- Re: IDS vs IPS Matt Kettler (Aug 21)
- Re: IDS vs IPS Ravi (Aug 21)
- Re: IDS vs IPS Stephan Scholz (Aug 22)
- Re: IDS vs IPS Matt Kettler (Aug 22)
- Re: IDS vs IPS Nihar S. Khedekar (Aug 21)
- Re: Re: [Snort-users] IDS vs IPS Yves Boisjoly (Aug 25)
- Re: IDS vs IPS Ravi (Aug 21)
- Re: IDS vs IPS Ravi (Aug 22)
- Available for download? Vkmobile (Aug 21)
- Re: [Snort-devel] Available for download? Brian (Aug 21)
- Re: [Snort-devel] Available for download? Roland Turner (Aug 26)
- Available for download? Vkmobile (Aug 21)
- Re: [Snort-devel] IDS vs IPS Jeff Nathan (Aug 21)