[Snort-users] SNORT vs Firewall
Sushant_Lotlikar at ...1653...
Mon Mar 26 23:34:25 EST 2001
thanx for ur prompt help.
well i believe a packet filtering firewall works at the network level. most
packet filtering is done on the router. the drawback being that a packet
filter can't protect against spoofed attacks
i msut admit that i'm not very sure bout a proxy firewall. i think a proxy
firewall is more like screening the traffic at the application level.
the drawback being that there have to be proxy versions for the protocols.
> From: Berend De Schouwer[SMTP:bds at ...1654...]
> Reply To: bds at ...1654...
> Sent: Saturday, March 24, 2001 6:31 PM
> To: Lotlikar, Sushant
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] SNORT vs Firewall
> On Sat, 24 Mar 2001 13:52:04 "Lotlikar, Sushant" wrote:
> | hi every1,
> | i just wanted to know wats the difference between an IDS like snort and
> | FIREWALL.
> An IDS looks at packets and alerts you. An IDS looks for abuses
> of certain applications, or of the TCP/IP protocol suite. An IDS
> can examine network traffic (like Snort), or examine system calls on
> a host (like LIDS).
> A Firewall looks at packets and blocks them. A firewall deals
> with allowing or disallowing certain services or applications to run
> on a network.
> They compliment each other: I want to allow DNS traffic, so
> I setup my firewall to allow DNS, but I want to watch for people
> trying to hack my DNS server, so I use an IDS to watch my DNS
> A good firewall will run an IDS as well to protect itself, although
> one that is less resource hungry than Snort. Its not a good idea
> to rely entirely on one product. There is no magic bullet.
> | thanx for help,
> Well, now we get to finer definitions: Under Firewall, do you understand
> a packet filter, a proxy firewall, or both? :)
> | sushant . . .
> | _______________________________________________
> | Snort-users mailing list
> | Snort-users at lists.sourceforge.net
> | Go to this URL to change user options or unsubscribe:
> | http://lists.sourceforge.net/lists/listinfo/snort-users
> | Snort-users list archive:
> | http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Kind regards,
> Berend De Schouwer, +27-11-712-1435, UCS
More information about the Snort-users