Snort mailing list archives
Re: Configuring snort as IPS
From: Kevin Ross <kevross33 () googlemail com>
Date: Wed, 25 Jan 2012 14:27:02 +0000
But reactive response isn't good marketing terminology :-p Then again you are actively responding to the attack and it is the response that may highlight the post alert nature of it. You are still reacting to something that has happened.

Then again there are books like:

- Intrusion Prevention and Active Response: Deploying Host and Network IPS
- Also in the Snort IDS/IPS Toolkit you appear as a contributor/author/technical editor (whatever it was) and it has: Chapter 12: Active Response and Intrusion Prevention.

How come not Reactive Response? ;-p lol

Besides I take the view ideally yes attack should be dropped inline but I like to block the hostile host so they can't retry.

Kev

On 24 January 2012 16:16, Joel Esler <jesler () sourcefire com> wrote:
Okay, I'm going to be pedantic for a minute. Snortsam isn't "active response" it's "reactive response". It will take action after "x" occurs, post alert. IPS, by our definition is the ability to drop a packet inline, meaning *at* alert time.

I also don't think you have to patch Snort anymore to get Snortsam. I think it's built into Barnyard2 now.

On Tue, Jan 24, 2012 at 8:27 AM, Fabio Almeida <mentesan () gmail com> wrote:

Hi Sandip,

Active response with http://www.snortsam.net/

Great and flexible solution, works on many firewall systems and you can use on various Snort Sensors, and firewall boxes.

Fabio Almeida

On 24/01/2012, at 08:09, Sandip Bankewar wrote:

Hi,

I don't want my system to act as a gateway.

What is the best way to configure snort as IPS??

How can we configure?? Can anyone provide me steps??

Regards,
Sandip Bankewar

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
--
Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org | http://blog.clamav.net
Twitter: http://twitter.com/snort