Snort mailing list archives
Re: Inline IPS
From: Heine Lysemose <lysemose () gmail com>
Date: Wed, 7 Sep 2011 08:45:25 +0200
Hi

I have this small guide I produced myself. Maybe it will get you in the right direction...

The setup is one or more IDS/IPS' and a separate MySQL DB with Snorby as front-end (it's only Snort in this document).

Currently it is only Snort 2.9.0.5 with rules since the new 2.9.1-rules are not yet released to registered users. It will be within the month. But it's relatively easy to upgrade the document to 2.9.1-release.

/Lysemose

On Wed, Sep 7, 2011 at 2:27 AM, Joel Esler <jesler () sourcefire com> wrote:
> Extremely well, so well in fact, it's the number 1 rated IPS. (Sourcefire)
>
> That being said. I don't know of a specific document that takes you step by step on how to make an inline ips out of Snort. If someone in the community wants to step up and write one, I am sure it would be of benefit! And of course we could get some rewards in line.
>
> I would, but right now, this malware is keeping me busy!
>
> --
> Joel Esler
>
> On Sep 6, 2011, at 7:47 PM, Damien Hull <dhull () section9 us> wrote:
>> How well does snort work as an inline IPS? Are there any instructions for configuring snort as an inline IPS?
>
> ------------------------------------------------------------------------------
> Using storage to extend the benefits of virtualization and iSCSI
> Virtualization increases hardware utilization and delivers a new level of agility. Learn what those decisions are and how to modernize your storage and backup environments for virtualization.
> http://www.accelacomm.com/jaw/sfnl/114/51434361/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
Attachment:
Snort IPS.txt
Description: