[Snort-users] SNORT vs Firewall

Lotlikar, Sushant Sushant_Lotlikar at ...1653...
Mon Mar 26 23:34:25 EST 2001


hi guys,

thanx for ur prompt help.

well i believe a packet filtering firewall works at the network level. most
packet filtering is done on the router. the drawback being that a packet
filter can't protect against spoofed attacks

i must admit that i'm not very sure bout a proxy firewall. i think a proxy
firewall is more like screening the traffic at the application level.
the drawback being that there have to be proxy versions for the protocols.

regards,
	sushant.
> ----------
> From: 	Berend De Schouwer[SMTP:bds at ...1654...]
> Reply To: 	bds at ...1654...
> Sent: 	Saturday, March 24, 2001 6:31 PM
> To: 	Lotlikar, Sushant
> Cc: 	snort-users at lists.sourceforge.net
> Subject: 	Re: [Snort-users] SNORT vs Firewall
> 
> On Sat, 24 Mar 2001 13:52:04 "Lotlikar, Sushant" wrote:
> | hi every1,
> | 
> | i just wanted to know wats the difference between an IDS like snort and
> a
> | FIREWALL.
> 
> An IDS looks at packets and alerts you.  An IDS looks for abuses
> of certain applications, or of the TCP/IP protocol suite.  An IDS
> can examine network traffic (like Snort), or examine system calls on
> a host (like LIDS).
> 
> A Firewall looks at packets and blocks them.  A firewall deals
> with allowing or disallowing certain services or applications to run
> on a network.
> 
> They complement each other: I want to allow DNS traffic, so
> I set up my firewall to allow DNS, but I want to watch for people
> trying to hack my DNS server, so I use an IDS to watch my DNS
> server.
> 
> A good firewall will run an IDS as well to protect itself, although
> one that is less resource hungry than Snort.  It's not a good idea
> to rely entirely on one product.  There is no magic bullet.
> 
> | thanx for help,
> 
> Well, now we get to finer definitions:  Under Firewall, do you understand
> a packet filter, a proxy firewall, or both? :)
> 
> | 	sushant . . .
> | 
> Kind regards,				  
> Berend                                  
> 
> -- 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Berend De Schouwer, +27-11-712-1435, UCS
> 
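
Added example, not part of the original thread and not Snort's or any firewall's own code: a small Python model of the DNS case described above, where a packet filter decides on header fields alone and an IDS reads the payload of the traffic and only alerts. The addresses, the function names and the choice of a version.bind query as the thing the IDS watches for are assumptions made for this illustration.

```python
import struct
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport payload")
DNS_SERVER = "192.0.2.53"              # constructed documentation address
ALLOWED = {("udp", DNS_SERVER, 53)}    # assumed policy: inbound DNS only

def firewall(pkt):
    """Packet filter: decides on header fields only, never reads the payload."""
    return "ACCEPT" if (pkt.proto, pkt.dst, pkt.dport) in ALLOWED else "DROP"

def parse_question(data):
    """Return (qname, qtype, qclass) of the first question in a DNS message."""
    if len(data) < 12 or struct.unpack("!H", data[4:6])[0] < 1:
        raise ValueError("no DNS question")
    labels, i = [], 12
    while i < len(data) and data[i]:
        n = data[i]
        if n > 63 or i + 1 + n > len(data):
            raise ValueError("bad label")
        labels.append(data[i + 1:i + 1 + n].decode("ascii", "replace").lower())
        i += 1 + n
    if i + 5 > len(data):
        raise ValueError("truncated question")
    return (".".join(labels), *struct.unpack("!HH", data[i + 1:i + 5]))

def ids(pkt):
    """IDS: inspects the payload and returns alerts; it never blocks."""
    if (pkt.proto, pkt.dport) != ("udp", 53):
        return []
    try:
        question = parse_question(pkt.payload)
    except ValueError as err:
        return [f"malformed DNS query from {pkt.src}: {err}"]
    if question == ("version.bind", 16, 3):    # TXT query in the CHAOS class
        return [f"version.bind probe from {pkt.src}"]
    return []

def dns_query(name, qtype, qclass):    # builds the constructed samples below
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!xHH", qtype, qclass)

# Constructed sample traffic (documentation addresses), not a capture.
SAMPLES = [
    Packet("198.51.100.7", DNS_SERVER, "udp", 53, dns_query("www.example.com", 1, 1)),
    Packet("203.0.113.9", DNS_SERVER, "udp", 53, dns_query("version.bind", 16, 3)),
    Packet("203.0.113.9", DNS_SERVER, "tcp", 23, b""),
]
for p in SAMPLES:
    print(p.src, p.proto, p.dport, firewall(p), ids(p))
```

The second sample is the point of the exchange: the filter accepts it because it is DNS to the allowed server, and only the payload inspection reports it.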



