[Snort-users] New Trend: Intrusion Prevention

Bob Dehnhardt bob.dehnhardt at ...7168...
Fri Dec 13 11:10:05 EST 2002

Everything I've seen about IPS is that it's intended as another facet of
security, not as a replacement for IDS. IPS is useful for preventing attacks
that can be identified with a high (99%+) degree of accuracy, like SYN/FIN
sweeps. Attacks that may have a significant number of false positives are
outside IPS's realm, since having that traffic dropped would likely affect
normal network operations. IDS with a real live decision-making person will
be used in those cases, just as today.

There is no single solution, probably never will be.

 - Bob

Bob Dehnhardt
IT Operations Manager - Reno
(775) 327-6407

 -----Original Message-----
From: 	Steve Halligan [mailto:giermo at ...187...] 
Sent:	Friday, December 13, 2002 10:16 AM
To:	'Sheahan, Paul (PCLN-NW)'; Snort List (E-mail)
Subject:	RE: [Snort-users] New Trend: Intrusion Prevention

>I attended Infosecurity 2002 yesterday and there was much talk about
>intrusion detection going away, and intrusion prevention 
>replacing it. Does
>anyone know if there are any plans to include intrusion prevention
>functionality into Snort in the future?

The future is now.


Also see Hogwash at:

Now one could (and I would) debate the premise that you stated, but that is
a whole 'nother can of worms.


This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list