Snort mailing list archives
Snort& Intrusion Prevention
From: "Maetzky, Steffen (Extern)" <Steffen.Maetzky () gedas de>
Date: Wed, 2 Jun 2004 15:10:07 +0200
Hi, I'd like to compare some possabilities of using snort as IPS. I know the following plugins/ patches: Flexresp/ flexresp2, Snort-inline, Guardian, Snortsam I'd like to know if my understanding of them is right or not and if there are further advantages, disadvantages I have not listed and which depends directly to the architecture of one of the systems. My understanding of them is the following: 1. Snort is getting in "Inline-Mode" (what does "Inline-Mode" mean?) if I use flexresp, flexresp2 or snort-inline which means that snort can block activly. Advantage: -> only the sessions is closed which is including a bad paket -> no DoS over a special period like in other systems, only the bad paket is blocked -> no changes to the active firewall are made Disadvantage: -> snort drops packets during it blocks a session 2. If I use guardian or snortsam snort is still passiv and doesn't drop packets but sessions are closed over a special period. Guardian and snortsam reconfigure an active firewall directly. -> DoS possible Please, tell me what you know Steffen ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort& Intrusion Prevention Maetzky, Steffen (Extern) (Jun 02)
- Re: Snort& Intrusion Prevention Frank Knobbe (Jun 02)
- Message not available
- Re: Snort& Intrusion Prevention Matt Kettler (Jun 02)
- <Possible follow-ups>
- RE: Snort& Intrusion Prevention Joshua Berry (Jun 03)