Snort mailing list archives
RE: multiple questions
From: "Michael Steele" <michaels () winsnort com>
Date: Sat, 27 Sep 2003 20:17:09 -0700
Raymond,

Snort is an IDS (Intrusion Detection System) not an IPS (Intrusion Prevention System). Snort is an IDS where a firewall is an IPS. Snort in its native form is not capable of blocking.

A firewall is your first line of defense. Snort has never had anything that was ever reliable enough to block traffic effectively and reliably.

Snort is the best IDS out there as far as I know, but it's a lousy IPS, which it was never designed to be.

Cheers...

-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: Raymond Norton [mailto:admin () lctn org]
Sent: Saturday, September 27, 2003 8:03 PM
To: Michael Steele
Cc: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] multiple questions

OK, point taken.

First question: As a novice I am not clear if the new install I just did according to the redhat docs has a way of blocking the traffic that I get alerts on. I use quite a few IPCop boxes with snort that block everything they log. This is what I was hoping to accomplish when I did my new install. I see now that it alerts, but does not stop the traffic.

I read the FAQ, and see that there are some other programs that build rules on the fly when an attack is perceived. I am not sure if it is necessary to implement these programs, or if there is something in snort I can turn on to do this. I have read some pros and cons on this, but feel in my current circumstance I would like to block unwanted traffic.

----- Original Message -----
From: "Michael Steele" <michaels () winsnort com>
To: "'Raymond Norton'" <admin () lctn org>; <Snort-users () lists sourceforge net>
Sent: Saturday, September 27, 2003 8:53 PM
Subject: RE: [Snort-users] multiple questions

Raymond,

I don't have any policy setting authority and I'm just a mouse among the many, but this list is not designed to solicit off-site free help. There is only one person benefiting from the knowledge that you may get and the list is used for the many.

Now if you are soliciting to hire a Security Consultant, well that is acceptable because you would be paying for the service. If you are looking for a Security Consultant then by all means leave me a private email and I'll give you a number to call.

A good idea would be to outline your questions and then start posting them in the order of importance. They need to be specific to Snort. Might not be a good idea to flood the list all at one time with a bunch of questions.

Cheers...

-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Raymond Norton
Sent: Friday, September 26, 2003 7:55 AM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] multiple questions

I have a number of questions about implementing snort specific to my network. I would like to correspond via email with someone that feels comfortable with implementing snort on a WAN. Some of my questions concern policy routing, blocking traffic vs. alerting, and rules specific to my network. If you can be of assistance please send me an email.

Raymond Norton

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- multiple questions Raymond Norton (Sep 26)
- RE: multiple questions Michael Steele (Sep 29)
- <Possible follow-ups>
- Re: multiple questions Raymond Norton (Sep 29)
- RE: multiple questions Michael Steele (Sep 29)