Re: Snort inline and iptables

From: Will Metcalf (william.metcalf_at_gmail.com)
Date: 08/22/05

    Date: Mon, 22 Aug 2005 07:06:12 -0500
    To: "afshinlamei@gmail.com" <afshinlamei@gmail.com>
    
    

    > 1- Can I use snort inline+iptables in router (no bridge) mode under Linux?
    Yes...
    > 2- What are the performance issues when using snort inline + flexresponse mode?
    Are you talking about using reject rules or using --enable-flexresp?

    Regards,

    Will

    On 22 Aug 2005 05:29:16 -0000, afshinlamei@gmail.com
    <afshinlamei@gmail.com> wrote:
    > Dear all,
    > 1- Can I use snort inline+iptables in router (no bridge) mode under Linux?
    > 2- What are the performance issues when using snort inline + flexresponse mode?
    > thanks
    > afshin

