Snort-Inline and worm containment

From: Tom McLaughlin (tmclaugh@sdf.lonestar.org)
Date: 01/29/03

    From: Tom McLaughlin <tmclaugh@sdf.lonestar.org>
    To: focus-ids@securityfocus.com
    Date: 28 Jan 2003 21:19:17 -0500
    
    

    Hi everyone,

    The recent Slammer worm made me think a little about using Snort-Inline
    for some form of network worm containment purposes. I did a quick
    Google search and found little on the idea. Has anyone found or written
    anything on using Snort-Inline to prevent the spread of viruses across a
    network? Think about the benefits to an organization of being able to
    confine virus outbreaks to particular segments of a network and not
    having problems affect the stability of the remaining users, or more
    importantly, spreading across a network to the point of overwhelming
    available resources.

    Thanks,
    Tom

    -- 
    Mandrake Cooker + Honeypot = http://cookerpot.linsec.ca
    

