[Snort-users] SHUN

Alberto Gonzalez albertg at ...7149...
Tue Dec 3 03:34:02 EST 2002

I know the purpose of a white-list and now while im running on 4hours of 
sleep, it makes more sense.(Damn MVA)
Now, if you insert an IP in your whitelist, yea you won't block on that 
particular IP, but hopefully you only put *trusted*
machines in that list. I now know what he meant about missing attacks, 
but i was tired.. eek still am.


    - Alberto *Yawn* Gonzalez

Frank Knobbe wrote:

>On Tue, 2002-12-03 at 01:37, Alberto Gonzalez wrote:
>>Maybe I missed something. but what does a white-list of IP's have todo 
>>with missing internal attacks?
>>Yes, snortsam does active blocking. doesn't mean the engine it uses 
>>stops alerting on malicious packets.
>>You configure the rules to use with snortsam. YOU have control. Just 
>>configure snortsam (which uses snort)
>>to listen on the internal interface, or am I just extremly tired?
>You must be tired ;)
>Snort will only send a blocking *request* to SnortSam. It still works as
>a normal IDS. SnortSam can ignore requests for IP's that are
>white-listed. One doesn't have anything to do with the other. The IDS is
>still an IDS is still and IDS...

The secret to success is to start from scratch and keep on scratching.

More information about the Snort-users mailing list