This is a discussion on Re: [Snort-users] snort-inline vs. snort with inline ?? within the Snort forums, part of the System Security and Security Related category.

Snort is the tool for most cases, but it does have a steep learning curve. Thankfully there are a number of howto's out there.

I'd recommend learning snort in a passive mode to start. Figure out how to tune your rulesets, vars, etc. When you are confident there then choose a way to block. Your options for blocking are:

snort_inline
Snortsam (www.snortsam.net)
Flex response

Flex isn't completely effective. Give Snortsam and inline a good look. Both have advantages, depends on your environment. Nice thing with snortsam is you can share blocks among several devices...

<shameless plug>
Also be sure to hit bleedingsnort.com for the extra rulesets
</shameless plug>

Matt

Michael W Cocke wrote:
> You're quick - checked my web site before you replied (I assume)?
>
> I'll stick my neck out and say - based entirely on available info on
> setup and maint. here on the web - that snort looks better for my
> purposes. I was just wondering if I was missing something. I took a
> look at the source, but it's so far over my head I got dizzy. I'm
> definitely liking the improved security since my last overhaul (when I
> first installed snort), but since I'm looking at doing it again I
> thought I'd ask some stupid questions. Since I am, does anyone know
> of another firewall (besides vuurmuur) that works properly with snort
> (with inline)? I can tell you that shorewall is supposed to but
> doesn't.
>
> Mike-
>
> On Tue, 11 Apr 2006 08:15:20 -0500, you wrote:
>
>> Using snort-inline is like herding pigs ;-)
>>
>> -William Metcalf
>>
>> On 4/11/06, Michael W Cocke <cocke@catherders.com> wrote:
>>> I'm trying to work out what the difference is between running
>>> snort-inline and snort compiled 'with-inline'... Is there any? Which
>>> is better? (I know better is subjective, but give me a clue or two).
>>>
>>> Mike-
>>> --
>>> If you're not confused, you're not trying hard enough.
>>> --
>>> Please note - Due to the intense volume of spam, we have installed
>>> site-wide spam filters at catherders.com. If email from you bounces,
>>> try non-HTML, non-encoded, non-attachments,

--
--------------------------------------------
Matthew Jonkman, CISSP
Senior Security Engineer
Infotex
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC
http://my.infotex.com
http://www.infotex.com
http://www.bleedingsnort.com
--------------------------------------------
:wq

-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=...720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users