Re: SHUN

[Alberto Gonzalez <albertg () cerebro violating us>]

I know the purpose of a white-list and now while im running on 4hours of 
sleep, it makes more sense.(Damn MVA)
Now, if you insert an IP in your whitelist, yea you won't block on that 
particular IP, but hopefully you only put *trusted*
machines in that list. I now know what he meant about missing attacks, 
but i was tired.. eek still am.

Cheers!

   - Alberto *Yawn* Gonzalez

Frank Knobbe wrote:

> On Tue, 2002-12-03 at 01:37, Alberto Gonzalez wrote:
>
>  
>
> > Maybe I missed something. but what does a white-list of IP's have todo 
> > with missing internal attacks?
> > Yes, snortsam does active blocking. doesn't mean the engine it uses 
> > stops alerting on malicious packets.
> > You configure the rules to use with snortsam. YOU have control. Just 
> > configure snortsam (which uses snort)
> > to listen on the internal interface, or am I just extremly tired?
> >    
>
> You must be tired ;)
>
> Snort will only send a blocking *request* to SnortSam. It still works as
> a normal IDS. SnortSam can ignore requests for IP's that are
> white-listed. One doesn't have anything to do with the other. The IDS is
> still an IDS is still and IDS...
>
> Frank
>
>  

--
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users