[Snort-users] SNORT vs Firewall

Berend De Schouwer bds at ...1654...
Sat Mar 24 08:01:14 EST 2001

On Sat, 24 Mar 2001 13:52:04 "Lotlikar, Sushant" wrote:
| hi every1,
| i just wanted to know wats the difference between an IDS like snort and a

An IDS looks at packets and alerts you.  An IDS looks for abuses
of certain applications, or of the TCP/IP protocol suite.  An IDS
can examine network traffic (like Snort), or examine system calls on
a host (like LIDS).

A Firewall looks at packets and blocks them.  A firewall deals
with allowing or disallowing certain services or applications to run
on a network.

They compliment each other: I want to allow DNS traffic, so
I setup my firewall to allow DNS, but I want to watch for people
trying to hack my DNS server, so I use an IDS to watch my DNS

A good firewall will run an IDS as well to protect itself, although
one that is less resource hungry than Snort.  Its not a good idea
to rely entirely on one product.  There is no magic bullet.

| thanx for help,

Well, now we get to finer definitions:  Under Firewall, do you understand
a packet filter, a proxy firewall, or both? :)

| 	sushant . . .
| _______________________________________________
| Snort-users mailing list
| Snort-users at lists.sourceforge.net
| Go to this URL to change user options or unsubscribe:
| http://lists.sourceforge.net/lists/listinfo/snort-users
| Snort-users list archive:
| http://www.geocrawler.com/redir-sf.php3?list=snort-users
Kind regards,				  

Berend De Schouwer, +27-11-712-1435, UCS

More information about the Snort-users mailing list