Snort mailing list archives

Re: IDS or IPS


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Thu, 16 Apr 2015 00:56:58 +0000

Hello Marcio,

Please see the section on active response: http://manual.snort.org/node26.html



Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Marcio Guerreiro [mailto:marcio.guerreiro () hotmail co uk]
Sent: Wednesday, April 15, 2015 5:51 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] IDS or IPS

Hi everyone

I am new to snort and I have a quick question.

I have installed snort as NDIS mode but I would like to know if it is possible to reset TCP connection as the following
document states. As far as I understand Snort would be able to generate the alerts for me, however if I need to take some
action I would have to manually resolve the problem or somehow implement snort as IPS?

The document I am reading is about IDS in general...

http://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-systems-definition-challenges-343

If the sensors detect any malicious activity, it matches the malicious packet against the
attack signature database. In case it finds a match, the sensor reports the malicious
activity to the management console. The sensor can take different actions based on
how they are configured. "For example, the sensor can reset the TCP connection by sending a
TCP FIN, modify the access control list on the gateway router or the firewall
or send an email notification to the administrator for appropriate action."


Thank you

Marcio Guerreiro