Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort as a PIDS!

From: Eric Hines <eric.hines () appliedwatch com>
Date: Wed, 01 Nov 2006 10:39:56 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Understand of course, which I'm sure you do, that the flexresp
preprocessor is going to be time-dependent. I've seen it used
effectively in environments able to successfully reset connections but
if you want true IP accuracy you'll want to go inline.

Also, if you are in a high bandwidth environment, take a look at the
libpcap alternatives like Phil Woods and pf_ring3 (offloads packet
processing in a ring buffer in memory)

You may also wish to check out ClamAV. Though, their are discussions
right now of how much bandwidth it can actually handle as reports have
been pretty poor.

Best Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC
1095 Pingree Road
Suite 221
Crystal Lake, IL 60014
Toll Free: (877) 262-7593
Fax: (847) 854-5106
Cell: (847) 456-6785
Web: www.appliedwatch.com



Zakai Kinan wrote:

I am ready to change my snort to a preventive system.  I know that my choices are inline, snortsam, and flexible 
response.  Am I missing anything?  My research has not turned up anything else.  The question is which one of the 
choices is the most effective?  I have tried flexible response and it is not effective and I do understand the 
technical issues.


TIA,


ZK





-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFSM3c1va6QYTV0EMRAiXkAJ9eQlcb71B1q53b88fsIVkmafCw6wCePpWW
gWvdE+8J+2KvwF4Uyqp7HXY=
=NVqf
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: