Snort mailing list archives
Re: Snort 0,01 seconds too late?
From: waldo kitty <wkitty42 () windstream net>
Date: Sun, 01 Dec 2013 13:12:52 -0500
On 12/1/2013 4:12 AM, Gregor Mahnic wrote:
> Hello, I hope no one gets upset with me for this question, but is it possible for snort to fail to stop an attack? I hear this a lot when I google for something about snort. I mean not that I have any doubts myself about snort but I just wondered how would a snort user comment on someone who sarcastically states that snort would be 0,001 seconds too late to stop an attack. I am wondering because in part I want to become an avid snort user. I need to do a lot more research and reading about everything connected with snort such as oink, barnyard,...
regardless of using other tools, this highly depends on how snort is implemented in one's setup... snort in inline mode (IPS) places snort directly in the path of the traffic... snort gets the traffic when it arrives, analyzes it and then either passes the traffic thru to the outbound side or drops the traffic in the bitbucket... the traffic cannot pass unless snort allows it to... inline mode is also known as IPS (intrusion prevention system)... IDS mode, (intrusion detection system) is different in that snort is watching the ball game from the sidelines... if it sees something then it raises a flag (an alert) which another tool may react to... in this situation, yes, the response will be delayed by some small period of time...
> Are these sorts of sentiments expressed by individuals who are too lazy to implement snort? I mean I myself see how long it has taken me to understand the basics and as I have said I need to do a whole lot more reading!
lazy? maybe... maybe not... only aware of one method of implementation? yes, most likely...

--
NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted.
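A small model of the two sensor placements described in the reply, as an added example that is not part of the original thread. The packet timings, the 200 µs inspection time and the 10 ms reaction delay are constructed values for illustration, not measurements of Snort.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    t_us: int         # time the packet reaches the sensor's position (microseconds)
    malicious: bool   # True if a rule would match this packet

def inline_ips(packets, inspect_us):
    """Inline: the sensor is in the path, so a packet is forwarded only
    after inspection passes it. Returns (delivery_time_us, packet) pairs."""
    return [(p.t_us + inspect_us, p) for p in packets if not p.malicious]

def passive_ids(packets, inspect_us, react_us):
    """Passive: the sensor inspects a copy while the original goes straight
    to the target. A separate tool blocks the source react_us after the alert."""
    block_at = None
    delivered = []
    for p in sorted(packets, key=lambda p: p.t_us):
        if block_at is not None and p.t_us >= block_at:
            continue                       # block is active, traffic stops here
        delivered.append((p.t_us, p))      # already at the target, uninspected
        if p.malicious and block_at is None:
            block_at = p.t_us + inspect_us + react_us
    return delivered

def leaked(delivered):
    """Number of malicious packets that reached the target."""
    return sum(1 for _, p in delivered if p.malicious)

# Constructed flow from one source: 3 clean packets, then 5 malicious ones 4 ms apart.
FLOW = [Packet(t, False) for t in (0, 1000, 2000)] + \
       [Packet(t, True) for t in (3000, 7000, 11000, 15000, 19000)]

if __name__ == "__main__":
    print("inline :", leaked(inline_ips(FLOW, inspect_us=200)))
    print("passive:", leaked(passive_ids(FLOW, inspect_us=200, react_us=10_000)))
    print("passive, instant reaction:", leaked(passive_ids(FLOW, 200, 0)))
```

In this model inline placement leaks nothing but delays every clean packet by the inspection time, while passive placement adds no delay and always lets at least the triggering packet through, even when the reaction is instantaneous.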