Snort mailing list archives
Re: multiple questions
From: "Raymond Norton" <admin () lctn org>
Date: Sat, 27 Sep 2003 22:02:42 -0500

OK, point taken.

First question: As a novice I am not clear if the new install I just did according to the redhat docs has a way of blocking the traffic that I get alerts on. I use quite a few IPCop boxes with snort that block everything they log. This is what I was hoping to accomplish when I did my new install. I see now that it alerts, but does not stop the traffic.

I read the FAQ, and see that there are some other programs that build rules on the fly when an attack is perceived. I am not sure if it is necessary to implement these programs, or if there is something in snort I can turn on to do this. I have read some pros and cons on this, but feel in my current circumstance I would like to block unwanted traffic.

----- Original Message -----
From: "Michael Steele" <michaels () winsnort com>
To: "'Raymond Norton'" <admin () lctn org>; <Snort-users () lists sourceforge net>
Sent: Saturday, September 27, 2003 8:53 PM
Subject: RE: [Snort-users] multiple questions

Raymond,

I don't have any policy setting authority and I'm just a mouse among the many, but this list is not designed to solicit off site free help. There is only one person benefiting from the knowledge that you may get and the list is used for the many.

Now if you are soliciting to hire a Security Consultant, well that is acceptable because you would be paying for the service. If you are looking for a Security Consultant then by all means leave me a private email and I'll give you a number to call.

A good idea would be to outline your questions and then start posting them in the order of importance. They need to be specific to Snort. Might not be a good idea to flood the list all at one time with a bunch of questions.

Cheers...

-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Raymond Norton
Sent: Friday, September 26, 2003 7:55 AM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] multiple questions

I have a number of questions about implementing snort specific to my network. I would like to correspond via email with someone that feels comfortable with implementing snort on a WAN. Some of my questions concern policy routing, blocking traffic vs. alerting, and rules specific to my network. If you can be of assistance please send me an email.

Raymond Norton

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users