Snort mailing list archives
Re: snort-NIDS inline mode configuration questions
From: lay rando <khaosnetz () googlemail com>
Date: Fri, 20 May 2011 18:35:57 +0200
> For a homenet I would recommend smoothwall as an easy choice with some choice addons, namely:
>
> - Guardian (active response, blocks IP addresses based on snort alerts for a period of time)
>   http://community.smoothwall.org/forum/viewtopic.php?f=52&t=30245
> - Snort 2.8.6.1
>   http://community.smoothwall.org/forum/viewtopic.php?f=26&t=36435
> - Blackhole DNS (resolves DNS queries for tens of thousands of malware domains, mainly from malwaredomains.com, which it updates, to loopback 127.0.0.1 so your clients don't connect to them)
>   http://community.smoothwall.org/forum/viewtopic.php?f=103&t=26030
>
> And there are plenty of others. This would mean (with some configuration, putting on the emergingthreats.net rules etc.) you get a firewall, DNS blackhole, snort with active response and so on.
>
> If you are running it on your network, key things are:
>
> - It can see the traffic (inline this isn't a problem; IDS would mean mirroring the port or being able to see the traffic, such as on the gateway).
> - Internally you get fewer alerts that are more appropriate (i.e. you will see malware internal to your network and stuff that has made it into your network).
>
> I would recommend running the emergingthreats snort rules too for the malware detection they offer, as well as other stuff.
Thanks for your reply, but actually I have a fine working system; I'm just looking for answers to my questions.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
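The quoted reply describes Guardian-style active response: an IP address is blocked on the gateway for a period of time whenever Snort raises an alert about it, and unblocked when that period runs out. The following is an added example of that mechanism, written for this page; it is not Guardian's or Snort's own code and is not part of the original thread. It parses Snort `alert_fast` lines (the `-A fast` output format), picks the side of the alert that lies outside a home network, keeps a block table with expiry, and emits the `iptables` commands it would run instead of executing them, so it is safe to try anywhere. The home network range, the ignore list, the priority threshold, the block duration and the alert lines are all constructed assumptions for the example; the SIDs are in the local-rule range and do not refer to real rules.

```python
"""Snort-alert-driven active response with timed unblocking (added example).

Not Guardian's or Snort's code.  Parses Snort alert_fast lines, blocks the
external peer of each sufficiently severe alert for a fixed period, expires
old blocks, and returns the iptables commands instead of running them.
"""
import ipaddress
import re
from datetime import datetime, timedelta

# Snort alert_fast line layout (assumption: IPv4 only, default "-A fast" output):
#   MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src[:port] -> dst[:port]
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)

HOME_NET = ipaddress.ip_network("192.168.1.0/24")          # assumed home network
NEVER_BLOCK = {ipaddress.ip_address("192.168.1.1")}        # constructed ignore list (gateway)
MAX_PRIORITY = 2          # act on priority 1 and 2 alerts only (assumption; 1 is most severe)
BLOCK_FOR = timedelta(minutes=20)   # assumed block duration

# Constructed sample alerts; SIDs are in the local-rule range and mean nothing.
ALERTS = [
    "05/20-18:35:57.000001  [**] [1:1000001:1] LOCAL MALWARE beacon (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:51234 -> 203.0.113.10:80",
    "05/20-18:36:02.000002  [**] [1:1000002:1] LOCAL SCAN ssh probe (constructed) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:44444 -> 192.168.1.1:22",
    "05/20-18:36:30.000003  [**] [1:1000003:1] LOCAL ICMP ping (constructed) [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.168.1.1",
    "05/20-18:37:00.000004  [**] [1:1000001:1] LOCAL MALWARE beacon (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:51235 -> 203.0.113.10:80",
    "05/20-18:40:00.000005  [**] [1:1000004:1] LOCAL POLICY internal noise (constructed) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.5:40000 -> 192.168.1.1:80",
    "05/20-18:57:30.000006  [**] [1:1000002:1] LOCAL SCAN ssh probe (constructed) [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:44445 -> 192.168.1.1:22",
]


def parse_alert(line, year=2011):
    """Parse one alert_fast line; return a dict or None if it does not match.

    alert_fast timestamps carry no year, so the caller supplies it (assumed 2011).
    """
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f"),
        "sid": int(m["sid"]),
        "msg": m["msg"],
        "priority": int(m["prio"]),
        "proto": m["proto"],
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
    }


def offender(alert):
    """Return the address to block, or None.

    Only the side outside HOME_NET is ever blocked (an outbound malware alert
    blocks the external C2 host, an inbound scan blocks the scanner), so a
    spoofed or noisy alert can never lock out one of our own hosts or the
    gateway.  Alerts with both ends internal, or both external, are skipped.
    """
    if alert["priority"] > MAX_PRIORITY:
        return None
    external = [ip for ip in (alert["src"], alert["dst"])
                if ip not in HOME_NET and ip not in NEVER_BLOCK]
    return external[0] if len(external) == 1 else None


class BlockTable:
    """Active blocks with expiry; iptables commands are returned, not run."""

    def __init__(self):
        self.blocks = {}  # ip -> expiry datetime

    def block(self, ip, now):
        """Block ip (both directions through the gateway); refresh expiry if known."""
        fresh = ip not in self.blocks
        self.blocks[ip] = now + BLOCK_FOR
        if not fresh:
            return []
        return [f"iptables -I FORWARD -s {ip} -j DROP",
                f"iptables -I FORWARD -d {ip} -j DROP"]

    def expire(self, now):
        """Drop every block whose period has passed and return the unblock commands."""
        gone = [ip for ip, exp in self.blocks.items() if exp <= now]
        for ip in gone:
            del self.blocks[ip]
        return [cmd for ip in gone
                for cmd in (f"iptables -D FORWARD -s {ip} -j DROP",
                            f"iptables -D FORWARD -d {ip} -j DROP")]


def process(lines, table=None):
    """Feed alert lines through the table; return (table, commands in order)."""
    if table is None:
        table = BlockTable()
    commands = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        commands += table.expire(alert["time"])   # time is taken from the alert, not the wall clock
        ip = offender(alert)
        if ip is not None:
            commands += table.block(ip, alert["time"])
    return table, commands


if __name__ == "__main__":
    final, cmds = process(ALERTS)
    print("\n".join(cmds))
    print("still blocked:", sorted(str(ip) for ip in final.blocks))
```

Run against the constructed alerts, this blocks the external peer of the first two alerts, ignores the priority-3 ping and the alert whose ends are both inside the home network, treats the repeated beacon as a refresh rather than a second block, and at 18:57:30 unblocks both expired addresses before re-blocking the scanner. In a real deployment the script would tail Snort's alert file and run the commands, and the ignore list would have to include every address the network cannot afford to lose (gateway, DNS resolvers, update servers), because rules that fire on legitimate traffic turn active response into a self-inflicted denial of service.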
Current thread:
- snort-NIDS inline mode configuration questions lay rando (May 20)
- Re: snort-NIDS inline mode configuration questions Kevin Ross (May 20)
- Re: snort-NIDS inline mode configuration questions lay rando (May 20)
- Re: snort-NIDS inline mode configuration questions Joel Esler (May 20)
- Re: snort-NIDS inline mode configuration questions Russ Combs (May 20)
- Re: snort-NIDS inline mode configuration questions Kevin Ross (May 20)