Snort mailing list archives
Re: Snort as a PIDS!
From: Eric Hines <eric.hines () appliedwatch com>
Date: Wed, 01 Nov 2006 10:39:56 -0600
Understand of course, which I'm sure you do, that the flexresp preprocessor is going to be time-dependent. I've seen it used effectively in environments able to successfully reset connections, but if you want true IP accuracy you'll want to go inline.

Also, if you are in a high-bandwidth environment, take a look at the libpcap alternatives like Phil Woods and pf_ring3 (offloads packet processing in a ring buffer in memory).

You may also wish to check out ClamAV. Though, there are discussions right now of how much bandwidth it can actually handle, as reports have been pretty poor.

Best Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC
1095 Pingree Road
Suite 221
Crystal Lake, IL 60014
Toll Free: (877) 262-7593
Fax: (847) 854-5106
Cell: (847) 456-6785
Web: www.appliedwatch.com

Zakai Kinan wrote:
I am ready to change my snort to a preventive system. I know that my choices are inline, snortsam, and flexible response. Am I missing anything? My research has not turned up anything else. The question is which one of the choices is the most effective? I have tried flexible response and it is not effective and I do understand the technical issues.

TIA,
ZK

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort as a PIDS! Zakai Kinan (Nov 01)
- Re: Snort as a PIDS! Eric Hines (Nov 01)
- Re: Snort as a PIDS! Joel Esler (Nov 01)