Snort-Inline and worm containment
From: Tom McLaughlin (tmclaugh@sdf.lonestar.org)
Date: 01/29/03
- Previous message: Todd Heberlein: "Re: Active response... some thoughts."
- Next in thread: Lance Spitzner: "Re: Snort-Inline and worm containment"
- Reply: Lance Spitzner: "Re: Snort-Inline and worm containment"
- Reply: Shaiful: "Re: Snort-Inline and worm containment"
- Reply: Rob Shein: "RE: Snort-Inline and worm containment"
- Maybe reply: Ken Smith: "RE: Snort-Inline and worm containment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Tom McLaughlin <tmclaugh@sdf.lonestar.org> To: focus-ids@securityfocus.com Date: 28 Jan 2003 21:19:17 -0500
Hi everyone,
The recent Slammer worm made me think a little about using Snort-Inline
for some form of network worm containment purposes. I did a quick
Google search and found little on the idea. Has anyone found or written
anything on using Snort-Inline to prevent the spread of viruses across a
network? Think about the benefits to an organization of being able to
confine virus outbreaks to particular segments of a network and not
having problems effect the stability of the remaining users, or more
importantly, spreading across a network to the point of overwhelming
available resources.
Thanks,
Tom
-- Mandrake Cooker + Honeypot = http://cookerpot.linsec.ca
- Next message: Steven Richards: "RE: Active response... some thoughts."
- Previous message: Todd Heberlein: "Re: Active response... some thoughts."
- Next in thread: Lance Spitzner: "Re: Snort-Inline and worm containment"
- Reply: Lance Spitzner: "Re: Snort-Inline and worm containment"
- Reply: Shaiful: "Re: Snort-Inline and worm containment"
- Reply: Rob Shein: "RE: Snort-Inline and worm containment"
- Maybe reply: Ken Smith: "RE: Snort-Inline and worm containment"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
