Snort-Inline and worm containment

From: Tom McLaughlin
Date: 01/29/03

    From: Tom McLaughlin
    Date: 28 Jan 2003 21:19:17 -0500

    Hi everyone,

    The recent Slammer worm made me think a little about using Snort-Inline
    for some form of network worm containment purposes. I did a quick
    Google search and found little on the idea. Has anyone found or written
    anything on using Snort-Inline to prevent the spread of viruses across a
    network? Think about the benefits to an organization of being able to
    confine virus outbreaks to particular segments of a network and not
    having problems affect the stability of the remaining users, or more
    importantly, spreading across a network to the point of overwhelming
    available resources.


    Mandrake Cooker + Honeypot =