snort-inline inbound ruleset?

From: John Flynn (johnflynn@fastmail.fm)
Date: 02/02/03

    From: "John Flynn" <johnflynn@fastmail.fm>
    To: focus-ids@securityfocus.com
    Date: Sun, 02 Feb 2003 12:09:20 -0600
    
    

    Hi all,

    I'm fairly new to the IDS scene. I want to deploy some sort of open
    source IPS. I've read most of the stuff from the honeynet project and
    those guys are doing a great job with snort-inline. They have a great
    default ruleset to filter outgoing traffic. I was wondering if
    snort-inline is a recommended approach for an IPS at this point and if
    so, does someone have a good default blocking ruleset for incoming
    untrusted traffic they could point me to? I have been having a huge
    problem with false positive rates with snort on my network and I'm
    struggling to come up with an IPS solution that won't block legitimate
    traffic. Would people recommend I use hogwash or something else instead
    of snort-inline?
    You folks are all doing a great thing here in this list...
    John Flynn

    

