Snort mailing list archives
Re: IDS vs IPS
From: Matt Kettler <mkettler () EVI-INC COM>
Date: Thu, 21 Aug 2003 10:19:02 -0400
At 12:10 PM 8/20/2003 -0400, Vkmobile () aol com wrote:
So is Snort an IDS or an IPS (Intrusion Prevention) or both? Also, how can an IDS be converted to an IPS? Can someone point me in the right direction such as an FAQ or some website where I can read and learn?
Snort itself is an IDS, and specifically a NIDS (network IDS) as opposed to a HIDS (host IDS). There are tools like inline-snort and snortsam which make it into an IPS by allowing it to interact with a firewall to block packets.
Snortsam is quite powerful, but it acts slightly after the offending packet, so it won't block the packet that caused the alert. It's capable of reconfiguring a wide variety of firewalls, including hardware boxes like the Cisco PIX.
inline-snort I don't know much about, but I think it interacts with the Linux kernel's IPTables/netfilter layer directly. As such, it can only work on Linux, but might be able to block packets in true realtime (at the expense of some network slowdown if your rules are complex).
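An added illustration, not part of the original message and not code from Snort, snortsam or inline-snort: a toy model of the timing difference described above, where a passive sensor that reconfigures a firewall after alerting lets the triggering packet through, while an inline sensor gives a verdict before forwarding. The function names, the `TESTSIG` marker, the sample packets and the `update_delay` parameter are all assumptions constructed for the example.

```python
# Constructed sample traffic: (source address, payload). Addresses are from
# documentation ranges; "TESTSIG" is a stand-in for whatever a rule matches.
SIGNATURE = "TESTSIG"
PACKETS = [
    ("198.51.100.7", "hello"),         # 0: unrelated host
    ("203.0.113.9", "hello"),          # 1: benign packet from the later offender
    ("203.0.113.9", "xx TESTSIG xx"),  # 2: packet that triggers the alert
    ("203.0.113.9", "follow-up 1"),    # 3
    ("198.51.100.7", "hello again"),   # 4
    ("203.0.113.9", "follow-up 2"),    # 5
]


def matches(payload):
    """Minimal stand-in for rule evaluation."""
    return SIGNATURE in payload


def passive_with_firewall_update(packets, update_delay=1):
    """Sensor inspects a copy of the traffic. On alert it asks the firewall to
    block the source; the block becomes active `update_delay` packets later
    (a modelling assumption, not a measured value). Returns delivered indexes."""
    blocked, pending, delivered = set(), [], []
    for i, (src, payload) in enumerate(packets):
        # Activate any firewall updates that are due by now.
        blocked |= {addr for due, addr in pending if due <= i}
        pending = [(due, addr) for due, addr in pending if due > i]
        if src in blocked:
            continue
        delivered.append(i)  # already forwarded by the time the sensor alerts
        if matches(payload):
            pending.append((i + update_delay, src))
    return delivered


def inline(packets):
    """Sensor sits in the forwarding path and drops a matching packet before
    it is forwarded. Returns delivered indexes."""
    return [i for i, (_, payload) in enumerate(packets) if not matches(payload)]


if __name__ == "__main__":
    print("passive + firewall update:", passive_with_firewall_update(PACKETS))
    print("inline:                   ", inline(PACKETS))
```

In the passive model packet 2 is always delivered and only later traffic from that source is cut off; in the inline model packet 2 itself never arrives.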