Snort mailing list archives

Re: NIPS Rules


From: wkitty42 () windstream net
Date: Tue, 22 Aug 2017 16:32:32 -0400

On 08/22/2017 02:12 AM, Manojit Ghosh via Snort-users wrote:
> I was hoping to block them using snort. I am in a wireless network.

in that case, you might want to run snort in IPS mode instead of IDS mode... that puts snort inline of your traffic where it can drop the traffic or let it pass...

an alternative would be to use another device as a sniffer/firewall and let snort and the firewall communicate (somehow) so the firewall can update its settings for blocking...

security onion does a lot (a whole lot!) and may be able to talk to various firewalls... snort is part of security onion and it comes with the database and analysis stuff as well as being able to clone off files being transferred so they can be analyzed, too...

i don't use security onion but i have looked at it in the past...

--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*