Snort mailing list archives
IDS or IPS
From: Marcio Guerreiro <marcio.guerreiro () hotmail co uk>
Date: Wed, 15 Apr 2015 22:50:31 +0100
Hi everyone,

I am new to Snort and I have a quick question. I have installed Snort in NDIS mode, but I would like to know if it is possible to reset a TCP connection as the following document states. As far as I understand, Snort would be able to generate the alerts for me; however, if I need to take some action, I would have to manually resolve the problem or somehow implement Snort as an IPS?

The document I am reading is about IDS in general.

http://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-systems-definition-challenges-343

If the sensors detect any malicious activity, it matches the malicious packet against the attack signature database. In case it finds a match, the sensor reports the malicious activity to the management console. The sensor can take different actions based on how they are configured. "For example, the sensor can reset the TCP connection by sending a TCP FIN, modify the access control list on the gateway router or the firewall or send an email notification to the administrator for appropriate action."

Thank you,
Marcio Guerreiro