[Snort-users] SHUN

Frank Knobbe fknobbe at ...652...
Mon Dec 2 22:19:09 EST 2002


On Tue, 2002-12-03 at 01:37, Alberto Gonzalez wrote:

> Maybe I missed something. but what does a white-list of IP's have todo 
> with missing internal attacks?
> Yes, snortsam does active blocking. doesn't mean the engine it uses 
> stops alerting on malicious packets.
> You configure the rules to use with snortsam. YOU have control. Just 
> configure snortsam (which uses snort)
> to listen on the internal interface, or am I just extremly tired?

You must be tired ;)

Snort will only send a blocking *request* to SnortSam. It still works as
a normal IDS. SnortSam can ignore requests for IP's that are
white-listed. One doesn't have anything to do with the other. The IDS is
still an IDS is still and IDS...

Frank

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20021202/01daad5d/attachment.sig>


More information about the Snort-users mailing list