Snort mailing list archives

Re: It is possible to execute NIPS and NIDS together?

From: Younes Abderrahmane via Snort-users <snort-users () lists snort org>
Date: Sun, 10 Jun 2018 04:16:59 +0430

Thank you I really appreciate your help. **Cynthia Leonard **

so by configuring snort in NIPS mode and by putting rule action as  drop
allows me to store  alerts in the database (using for that the barnyard
plugin).

my purpose  is to block the attack attempts, and at the same time store the
info of the attacker in a database (ip address, attack time, attacked ...).

best regards sincerely.

On Tue, Jun 5, 2018 at 11:08 AM, Cynthia Leonard (cyleonar) <
cyleonar () cisco com> wrote:

Hi Younes,

If you run Snort in NIPS mode , that should help you detect and block the
attacks.  You can initially start with rule action as alert, if you want to
only view the alerts, then you can change the rule action from alert ->
drop if you want to block the attacks after taking a look at the alerts.



Regards

Cynthia





*From:* Snort-users [mailto:snort-users-bounces () lists snort org] *On
Behalf Of *Younes Abderrahmane via Snort-users
*Sent:* Friday, June 1, 2018 10:15 PM
*To:* snort-users () lists snort org
*Subject:* [Snort-users] It is possible to execute NIPS and NIDS together?



Hello everyone ,



Is it possible to install snort in a machine as being NIDS to generate
alerts and store them in the database (I have already made this stage using
Barnyard2  and  MySQL database ) ,

and in the second machine as being NIPS to block the traffic generates by
this NIDS?





my goal is to save the alerts in a MySQL database, and then block the
attack attempts that generated these alerts.

I do not know if NIDS is able to do these two options (generate alerts and
block attacks), that's why I thought about using a NIPS with NIDS.

it's possible





Thank you.

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:

It is possible to execute NIPS and NIDS together? Younes Abderrahmane via Snort-users (Jun 04)
- Re: It is possible to execute NIPS and NIDS together? Cynthia Leonard (cyleonar) via Snort-users (Jun 05)
  - Re: It is possible to execute NIPS and NIDS together? Younes Abderrahmane via Snort-users (Jun 10)
    - Re: It is possible to execute NIPS and NIDS together? Cynthia Leonard (cyleonar) via Snort-users (Jun 13)
- <Possible follow-ups>
- It is possible to execute NIPS and NIDS together? Younes Abderrahmane via Snort-users (Jun 04)