Snort mailing list archives
Re: Snort IPS
From: Dave Osbourne <dave () osbourne uk eu org>
Date: Wed, 3 Aug 2016 15:50:22 +0100
Ok, for "traffic" read "volume" i.e. link saturation. Ironically, the only DDOS(s) that I experience regularly *are* link saturation level events (2GB+)... I don't see any examples of syn attacks that aren't deal with at application level anyway.
It would be interesting to know what general intrusions people use snort to prevent (that had it not been there would not have been a non issue anyway).
My specific use is between an external application and internal database servers that otherwise would have mean a complex API being written and maintained.
D On 2016-08-03 15:42, Russ wrote:
Snort can do rate-based attack prevention. Check the manual or README.filters for rate_filter.On 8/3/16 9:03 AM, Dave Osbourne wrote:I use snort as an IPS, but it won't prevent a traffic based DDOS. You'll need a separate plan for them.D On 2016-08-03 13:11, Al Lewis (allewi) wrote:https://www.snort.org/faq/what-can-i-do-with-snortYou can find some information in the manual (in the snort download) and on the web here:http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node2.html *Albert Lewis* ENGINEER.SOFTWARE ENGINEERING SOURCE*fire*, Inc. now part of *Cisco* Email: allewi () cisco com <mailto:allewi () cisco com>From: Latif Shaikh <latif.shaikh7 () gmail com <mailto:latif.shaikh7 () gmail com>>Date: Wednesday, August 3, 2016 at 7:38 AMTo: 'snort-users' <snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net>>Subject: [Snort-users] Snort IPSNow I am using snort as IDS in our network environment. I heard that snort have IPS mechanism. But I have not get any doc or any URLs to prevent DDOS attack or syn attack.@All: Can you please help me how to use snort as IPS? -- ---------------------------- Thanks & Regards, Latif Shaikh ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visithttp://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visithttp://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort IPS Latif Shaikh (Aug 03)
- Re: Snort IPS Al Lewis (allewi) (Aug 03)
- Re: Snort IPS Dave Osbourne (Aug 03)
- Re: Snort IPS Russ (Aug 03)
- Re: Snort IPS Dave Osbourne (Aug 03)
- Re: Snort IPS Anton Bezkrovny (Aug 04)
- Re: Snort IPS Dave Osbourne (Aug 03)
- Re: Snort IPS Al Lewis (allewi) (Aug 03)