Snort mailing list archives

Which rules to get inline


From: mosquitooth () gmx net
Date: Sun, 6 Mar 2005 22:25:42 +0100 (MET)

Hi,

Snort is able to get 'inline' and therefore act as an IPS. But, as there
are still some false positives, it seems to me that not every rule is useful
in an IPS environment - but which are? I think that especially the
BAD_TRAFFIC and BACKDOOR rules won't fail often - so these would be the first
choice when deploying an 'IPS'. Do you agree? Which rules do you think would
serve this purpose?

Thanks for any answers on this poll,

Peter
