Snort mailing list archives
RE: Snort& Intrusion Prevention
From: "Joshua Berry" <jberry () PENSON COM>
Date: Thu, 3 Jun 2004 08:15:22 -0500
My definition of Inline would be something that sits directly "Inline" with the traffic flow, something that traffic is forced to flow through depending on the destination. Flexresp works with Snort passively sniffing traffic, it does not have to have traffic flow through it to work. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Maetzky, Steffen (Extern) Sent: Thursday, June 03, 2004 4:43 AM To: 'Matt Kettler'; 'Snort-User (snort-users () lists sourceforge net)' Subject: AW: [Snort-users] Snort& Intrusion Prevention
However, neither flexresp nor flexresp2 are inline type technologies,
and they operate
VERY differently than inline-snort.
I agree with you that they work differently but I'm not sure that flexresp/ flexresp 2 isn't a kind of inline-ids:
"in-line" means just that.. the snort box is in-line with your data
flow, much like a
firewall box. It's got two ethernet interfaces, and data must go
through the snort box, and can't go around it.
Internet -------- inline-snort ------ your network
How does flexresp/flexresp2 communicate if it isn't a kind of inline-ids? iface (promisc) ------- snort ------- os? (reset on receiver-side) iface (promisc) ------- snort ------- os ------- iface (non promisc)? (reset on source-side) ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort& Intrusion Prevention Maetzky, Steffen (Extern) (Jun 02)
- Re: Snort& Intrusion Prevention Frank Knobbe (Jun 02)
- Message not available
- Re: Snort& Intrusion Prevention Matt Kettler (Jun 02)
- <Possible follow-ups>
- RE: Snort& Intrusion Prevention Joshua Berry (Jun 03)