Re: Configuring snort as IPS

[Kevin Ross <kevross33 () googlemail com>]

But reactive response isn't good marketing terminology :-p Then again you
are actively responding to the attack and it is the response that may
highlight the post alert nature of it. You are still reacting to something
that has happened. Then again there are books like:
- Intrusion Prevention and Active Response: Deploying Host and Network IPS
- Also in the Snort IDS/IPS Toolkit you appear as a
contributer/author/technical editor (whatever it was) and it has: Chapter
12: Active Response and Intrusion Prevention. How come not Reactive
Response? ;-p lol

Besides I take the view ideally yes attack should be dropped inline but I
like to block the hostile host so they can't retry.

Kev



On 24 January 2012 16:16, Joel Esler <jesler () sourcefire com> wrote:

> Okay, I'm going to be pedantic for a minute.
>
> Snortsam isn't "active response" it's "reactive response".  It will take
> action after "x" occurs, post alert.  IPS, by our definition is the ability
> to drop a packet inline, meaning *at* alert time.
>
> I also don't think you have to patch Snort anymore to get Snortsam.  I
> think it's built into Barynard2 now.
>
> On Tue, Jan 24, 2012 at 8:27 AM, Fabio Almeida <mentesan () gmail com> wrote:
>
> > Hi Sandip,
> >
> > Active response with http://www.snortsam.net/
> >
> > Great and flexible solution, works on many firewall systems and you can
> > use on various Snort Sensors, and firewall boxes.
> >
> > Fabio Almeida
> > Em 24/01/2012, às 08:09, Sandip Bankewar escreveu:
> >
> > Hi,****
> > ** **
> > I don’t want my system to be act as gateway.****
> > ** **
> > What is the best way to configure snort as IPS??****
> > ** **
> > How can we configure?? Can anyone provide me steps??****
> > ** **
> > ** **
> > Regards,****
> > Sandip Bankewar****
> > ** **
> >
> > ------------------------------------------------------------------------------
> > Keep Your Developer Skills Current with LearnDevNow!
> > The most comprehensive online learning library for Microsoft developers
> > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> > Metro Style Apps, more. Free future releases when you subscribe now!
> >
> > http://p.sf.net/sfu/learndevnow-d2d_______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> >
> > iQEcBAEBAgAGBQJPHrHAAAoJEOvN6k4KDu4agFsH/1e/bytty+QBacvwYDdhawrA
> > 6f+ua6lerdaZwLJ1Ll9NCSDO1WMACikfAn1jSB+3eGzNYvB4xUPYZk5p5HJHCN8K
> > ISm8sDk/wcfnN9FcBKX+Czqt7XMYL93KMZvSI8q+bwGTlliGaDkzwhcLMKd1SY+d
> > XySYt6XuWbk002Sx/ummcy4kGGr4v48FCsBo4fNlWBVACsmcp7vCx0QPcfw+MGp9
> > MMC/HW+CjXJrXeET/W5hzoRICSRSEfx7dEDLsrMcFiaWc56kMmoG7c2cRmlnNzTq
> > 4/Pw0wNmoxGM48A/Rt1JI8M93gs6LjFCEkWO2+L7aaalFSftzqmUwYxTZy877aU=
> > =uJq6
> > -----END PGP SIGNATURE-----
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Keep Your Developer Skills Current with LearnDevNow!
> > The most comprehensive online learning library for Microsoft developers
> > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> > Metro Style Apps, more. Free future releases when you subscribe now!
> > http://p.sf.net/sfu/learndevnow-d2d
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
>
>
> --
> Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org |
> http://blog.clamav.net
> Twitter:  http://twitter.com/snort
>
>
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!