[Snort-users] SNORT vs Firewall
Berend De Schouwer
bds at ...1654...
Sat Mar 24 08:01:14 EST 2001
On Sat, 24 Mar 2001 13:52:04 "Lotlikar, Sushant" wrote:
| hi every1,
| i just wanted to know wats the difference between an IDS like snort and a
An IDS looks at packets and alerts you. An IDS looks for abuses
of certain applications, or of the TCP/IP protocol suite. An IDS
can examine network traffic (like Snort), or examine system calls on
a host (like LIDS).
A Firewall looks at packets and blocks them. A firewall deals
with allowing or disallowing certain services or applications to run
on a network.
They complement each other: I want to allow DNS traffic, so
I set up my firewall to allow DNS, but I want to watch for people
trying to hack my DNS server, so I use an IDS to watch my DNS
A good firewall will run an IDS as well to protect itself, although
one that is less resource hungry than Snort. It's not a good idea
to rely entirely on one product. There is no magic bullet.
| thanx for help,
Well, now we get to finer definitions: Under Firewall, do you understand
a packet filter, a proxy firewall, or both? :)
| sushant . . .
Berend De Schouwer, +27-11-712-1435, UCS
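
Added example, not part of the original post: a toy packet filter and a toy IDS run over the same constructed packets, showing that the firewall's allow/deny decision uses only protocol and port while the IDS inspects the DNS payload the firewall let through. The addresses, packets, function names and the choice of a CHAOS-class `version.bind` query as the watched-for pattern are assumptions made for illustration.

```python
import struct

def dns_query(name, qtype=1, qclass=1, txid=0x1234):
    """Build a minimal DNS query message (header + one question)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

# Constructed sample traffic (src, proto, dst_port, payload); not a real capture.
PACKETS = [
    ("198.51.100.7", "udp", 53, dns_query("www.example.com")),
    ("198.51.100.9", "udp", 53, dns_query("version.bind", qtype=16, qclass=3)),
    ("198.51.100.9", "tcp", 23, b"login attempt"),
]

def firewall(proto, dst_port):
    """Packet filter: decides on protocol and port only, never on payload."""
    return "ACCEPT" if (proto, dst_port) in {("udp", 53), ("tcp", 53)} else "DROP"

def parse_question(payload):
    """Return (name, qtype, qclass) of the first question, or None if malformed."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        return None
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            return None  # compression pointer or truncated label
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos + 5 > len(payload):
        return None  # no room for the terminator plus qtype/qclass
    qtype, qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return ".".join(labels).lower(), qtype, qclass

def ids(proto, dst_port, payload):
    """IDS: inspects DNS payloads and returns an alert string, or None."""
    if dst_port != 53:
        return None
    q = parse_question(payload)
    if q is None:
        return "malformed DNS query"
    if q[0] == "version.bind" and q[2] == 3:  # class 3 = CHAOS
        return "DNS server version probe"
    return None

def run(packets=PACKETS):
    """Return (src, firewall verdict, IDS alert) for each packet."""
    return [(src, firewall(p, port), ids(p, port, data)) for src, p, port, data in packets]
```

Both DNS packets get the same firewall verdict; only the IDS column tells them apart.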