Snort mailing list archives
Re: Configuring snort as IPS
From: JJC <cummingsj () gmail com>
Date: Tue, 24 Jan 2012 09:10:37 -0700
To this point, you definitely want to run snort passively for a while to familiarize yourself with it's setup and functionality. Beyond that, when inline, Snort does not typically run as a "Gateway". Rather, it is an unnumbered and therefore non-routing piece of equipment that simply reads traffic from the wire, makes a decision about the traffic and then writes it back to the wire.. no routing or ip addressing on the interfaces whatsoever. But I think that is a discussion or "Google" session for another time, once you have familiarized yourself with the fundamental operation of Snort and Intrusion Detection. JJC On Tue, Jan 24, 2012 at 9:01 AM, Kevin Ross <kevross33 () googlemail com>wrote:
In simple terms yeah (assuming installing, configuring etc is simple). However; I would not block anything until you run it in IDS mode for a while. Do plenty tuning for what rules you need or don't need (use pulled pork and don't forget the emergingthreats.net rules) and then dealt with whatever false positives occur in your environment to reduce the chances of blocking legitimate traffic. regards, Kev On 24 January 2012 14:48, Sandip Bankewar <sbankewar () cloudaccess com>wrote:Hi Fabio,**** ** ** Thanks for your response. I am new to SNORT.**** I have a snort installed so I just need to install this tool right???**** ** ** **** Regards,**** Sandip Bankewar**** ** ** *From:* Fabio Almeida [mailto:mentesan () gmail com] *Sent:* 24 January 2012 18:57 *To:* Sandip Bankewar *Cc:* snort-users () lists sourceforge net *Subject:* Re: [Snort-users] Configuring snort as IPS**** ** ** Hi Sandip,**** ** ** Active response with http://www.snortsam.net/**** ** ** Great and flexible solution, works on many firewall systems and you can use on various Snort Sensors, and firewall boxes.**** ** ** Fabio Almeida**** Em 24/01/2012, às 08:09, Sandip Bankewar escreveu:**** **** Hi,**** **** I don’t want my system to be act as gateway.**** **** What is the best way to configure snort as IPS??**** **** How can we configure?? Can anyone provide me steps??**** **** **** Regards,**** Sandip Bankewar**** **** ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!**** ** ** ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Configuring snort as IPS Sandip Bankewar (Jan 24)
- Re: Configuring snort as IPS Kevin Ross (Jan 24)
- Re: Configuring snort as IPS Fabio Almeida (Jan 24)
- Re: Configuring snort as IPS Sandip Bankewar (Jan 24)
- Re: Configuring snort as IPS Fabio Almeida (Jan 24)
- Re: Configuring snort as IPS Kevin Ross (Jan 24)
- Re: Configuring snort as IPS JJC (Jan 24)
- Re: Configuring snort as IPS Sandip Bankewar (Jan 24)
- Re: Configuring snort as IPS Joel Esler (Jan 24)
- Re: Configuring snort as IPS JJC (Jan 24)
- Re: Configuring snort as IPS Kevin Ross (Jan 25)
- Re: Configuring snort as IPS Joel Esler (Jan 25)
- Re: Configuring snort as IPS Kevin Ross (Jan 25)
- Re: Configuring snort as IPS Joel Esler (Jan 25)