Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Can someone show an example how to force snort block ssh bruteforce?

From: waldo kitty <wkitty42 () windstream net>
Date: Mon, 23 Apr 2012 07:12:38 -0400
On 4/23/2012 03:06, kay wrote:

What do you mean? Snort is an IPS, OSSEC is an IDS.


actually, snort is both IDS and IPS... but ONLY insofar as it looking at the 
traffic on the wire and compares it with its rules... i use snort as an IDS with 
another tool that monitors snort's alerts and set blocks based on those 
alerts... snort in IPS mode handles these blocks on its own...

AFAIK, OSSEC is an IDS but it goes deeper than just using snort's alerts ;)


------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: