snort-inline inbound ruleset?
From: John Flynn (johnflynn@fastmail.fm)
Date: 02/02/03
From: "John Flynn" <johnflynn@fastmail.fm>
To: focus-ids@securityfocus.com
Date: Sun, 02 Feb 2003 12:09:20 -0600
Hi all,
I'm fairly new to the IDS scene. I want to deploy some sort of open
source IPS. I've read most of the stuff from the honeynet project and
those guys are doing a great job with snort-inline. They have a great
default ruleset to filter outgoing traffic. I was wondering if
snort-inline is a recommended approach for an IPS at this point and if
so, does someone have a good default blocking ruleset for incoming
untrusted traffic they could point me to? I have been having a huge
problem with false positive rates with snort on my network and I'm
struggling to come up with an IPS solution that won't block legitimate
traffic. Would people recommend I use hogwash or something else instead
of snort-inline?
You folks are all doing a great thing here in this list...
John Flynn