This is a discussion on RE: [Snort-users] Snort IPS Functionality within the Snort forums, part of the System Security and Security Related category.
See this: http://snort-inline.sourceforge.net/

Bruce

_____

From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Dave Raven
Sent: Wednesday, March 30, 2005 7:24 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort IPS Functionality

Hello all,

I'm interested in using snort on a FreeBSD machine as an IPS. I've read the docs on the website and as far as I can see the only available "IPS" functionality exists on Linux, using iptables. Does this actually just drop the questionable packet - or is it generating firewall rules? And does any of the IPS functionality work on FreeBSD at all? There was a project a while ago called Hogwash, which would do exactly what I'm interested in - but that seems long dead...

Thanks in advance
Dave