Snort mailing list archives

Re: Can someone show an example how to force snort block ssh bruteforce?


From: kay <kay.diam () gmail com>
Date: Mon, 23 Apr 2012 16:32:55 +0400

It would be nice if you told me the app name which reacts to snort
alerts and blocks traffic.

And again, your messages are not full enough. What did you mean
when you said "snort in IPS mode handles these blocks on its own"?
=)

At the moment my prior task is to research open-source IPS systems and
choose the best, and your "on its own" words confused me.

On 23 April 2012 at 15:12, waldo kitty
<wkitty42 () windstream net> wrote:
What do you mean? Snort is an IPS, OSSEC is an IDS.

actually, snort is both IDS and IPS... but ONLY insofar as it looks at the
traffic on the wire and compares it with its rules... i use snort as an IDS with
another tool that monitors snort's alerts and sets blocks based on those
alerts... snort in IPS mode handles these blocks on its own...

AFAIK, OSSEC is an IDS but it goes deeper than just using snort's alerts ;)
