Snort mailing list archives
Re: Action while receive alerts
From: Joel Esler <joel.esler () sourcefire com>
Date: Fri, 11 Aug 2006 07:17:51 -0400
Yes. Snort does not know if your machine has been patched or not, it observes the attack and warns you on it. In order to do what you are asking, you'd need Snort combined with a product like RNA. Both from Sourcefire. Joel On Aug 10, 2006, at 10:18 PM, Than Yu Jin wrote:
Hi all, May I know what is you all action while receiving alerts from your snort server? Did you patch accordingly to the servers being intruder? Let’s have a scenario as below, Example: While someone is trying to intrude to my server application vulnerability which I already patched with latest patch. 1) Will I still receive snort alert? Thank You..... Regards, Eugene IT Security, OPUS/IT 03 - 27306653 (ext: 653) Data Classification: 2 [ 0-Public 1-Internal 2-Confidential (authorization required) 3- Strictly Confidential ] This message is intended solely for the addressee. It is confidential and may be legally privileged. Access to this message by anyone is unauthorized. Unauthorized use is strictly prohibited and may be unlawful. If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, except for the purpose of the delivery to the addressee, is prohibited and may be unlawful. Any confidentiality or privilege is not waived or lost because this mail has been sent to by mistake. This e-mail and any attachments therewith are intended only for the use of the address. This e-mail may contain confidential and privileged information. Any unauthorized use, copying or disclosure of information contained in this e-mail or its attachments is strictly prohibited and may be unlawful. If you have received this e-mail in error, please contact the sender via return e-mail and delete this e-mail and attachments thereafter. Any confidentiality or privilege is not waived or lost because this e-mail has been sent to you by mistake. Any liability for viruses is excluded to the fullest extent permitted by law. ---------------------------------------------------------------------- --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel? cmd=lnk&kid=120709&bid=263057&dat=121642______________________________ _________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
+---------------------------------------------------------------------+ joel esler senior security consultant 1-706-627-2101 Sourcefire Security for the /Real/ World -- http://www.sourcefire.com Snort - Open Source Network IPS/IDS -- http://www.snort.org gpg key: http://demo.sourcefire.com/jesler.pgp.key aim:eslerjoel ymsg:eslerjoel gtalk:eslerj +---------------------------------------------------------------------+ ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Action while receive alerts Than Yu Jin (Aug 10)
- Re: Action while receive alerts Joel Esler (Aug 11)