IDS or IPS

[Marcio Guerreiro <marcio.guerreiro () hotmail co uk>]

Hi everyone

 

I am new to snort and I have a quick question..

 

I have installed snort as NDIS mode but I would like to know if is possible
to   reset TCP connection as the following document states. As far I
understand Snort would be able to generate the alerts for me, however if I
need to take some action I would have to manually resolve the problem or
some how implement snort as IPS ?

 

The document I am reading is about IDS in general.

 

http://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-s
ystems-definition-challenges-343

 

If the sensors detect any malicious activity, it matches the malicious
packet against the 

attack signature database. In case it finds a match, the sensor reports the
malicious 

activity to the management console. The sensor can take different actions
based on 

how they are configured."For example, the sensor can reset the TCP
connection by sending a 

TCP FIN, modify the access control list on the gateway router or the
firewall 

or send an email notification to the administrator for appropriate action."

 

 

Thank you

 

Marcio Guerreiro

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!