Snort-Inline and worm containment

From: Tom McLaughlin (tmclaugh@sdf.lonestar.org)
Date: 01/29/03

  • Next message: Steven Richards: "RE: Active response... some thoughts."
    From: Tom McLaughlin <tmclaugh@sdf.lonestar.org>
    To: focus-ids@securityfocus.com
    Date: 28 Jan 2003 21:19:17 -0500
    
    

    Hi everyone,

    The recent Slammer worm made me think a little about using Snort-Inline
    for some form of network worm containment purposes. I did a quick
    Google search and found little on the idea. Has anyone found or written
    anything on using Snort-Inline to prevent the spread of viruses across a
    network? Think about the benefits to an organization of being able to
    confine virus outbreaks to particular segments of a network and not
    having problems effect the stability of the remaining users, or more
    importantly, spreading across a network to the point of overwhelming
    available resources.

    Thanks,
    Tom

    -- 
    Mandrake Cooker + Honeypot = http://cookerpot.linsec.ca