Re: Snort IPS

[Dave Osbourne <dave () osbourne uk eu org>]

Ok, for "traffic" read "volume" i.e. link saturation.  Ironically, the 
only DDOS(s) that I experience regularly *are* link saturation level 
events (2GB+)...  I don't see any examples of syn attacks that aren't 
deal with at application level anyway.

It would be interesting to know what general intrusions people use snort 
to prevent (that had it not been there would not have been a non issue 
anyway).

My specific use is between an external application and internal database 
servers that otherwise would have mean a complex API being written and 
maintained.

D

On 2016-08-03 15:42, Russ wrote:
> Snort can do rate-based attack prevention.  Check the manual or 
> README.filters for rate_filter.
>
> On 8/3/16 9:03 AM, Dave Osbourne wrote:
> > I use snort as an IPS, but it won't prevent a traffic based DDOS.  
> > You'll need a separate plan for them.
> >
> > D
> >
> > On 2016-08-03 13:11, Al Lewis (allewi) wrote:
> > > https://www.snort.org/faq/what-can-i-do-with-snort
> > >
> > > You can find some information in the manual (in the snort download) 
> > > and on the web here:
> > >
> > > http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node2.html
> > >
> > >
> > >
> > > *Albert Lewis*
> > >
> > > ENGINEER.SOFTWARE ENGINEERING
> > >
> > > SOURCE*fire*, Inc. now part of *Cisco*
> > >
> > > Email: allewi () cisco com <mailto:allewi () cisco com>
> > >
> > >
> > > From: Latif Shaikh <latif.shaikh7 () gmail com 
> > > <mailto:latif.shaikh7 () gmail com>>
> > > Date: Wednesday, August 3, 2016 at 7:38 AM
> > > To: 'snort-users' <snort-users () lists sourceforge net 
> > > <mailto:snort-users () lists sourceforge net>>
> > > Subject: [Snort-users] Snort IPS
> > >
> > > Now I am using snort as IDS in our network environment. I heard that 
> > > snort have IPS mechanism. But I have not get any doc or any URLs to 
> > > prevent DDOS attack or syn attack.
> > >
> > > @All: Can you please help me how to use snort as IPS?
> > >
> > > --
> > > ----------------------------
> > > Thanks & Regards,
> > > Latif Shaikh
> > >
> > >
> > > ------------------------------------------------------------------------------
> > >
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > >
> > > Please visithttp://blog.snort.org  to stay current on all the latest Snort news!
> >
> >
> >
> > ------------------------------------------------------------------------------
> >
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> >
> > Please visithttp://blog.snort.org  to stay current on all the latest Snort news!

------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!