[Snort-users] New Trend: Intrusion Prevention

twig les twigles at ...131...
Fri Dec 13 12:27:06 EST 2002

I've seen a few of these for a couple years now, but
generally I run into the host-based ones.  Eeye makes
one for that retarded MS web server here:

I believe it intercepts kernel calls and blocks/passes
them, kinda playing middleman.  Not sure though. 
Looks neat, but I don't see any silver bullet here
either; not unless you want to slap this type of thing
on your 500-5000 XP workstations too.

--- "Ibarra, Michael" <m.ibarra at ...7065...> wrote:
> -----Original Message-----
> From: Sheahan, Paul (PCLN-NW)
> [mailto:Paul.Sheahan at ...2218...]
> Sent: Friday, December 13, 2002 12:31 PM
> To: Snort List (E-mail)
> Subject: [Snort-users] New Trend: Intrusion
> Prevention
> I attended Infosecurity 2002 yesterday and there was
> much talk about
> intrusion detection going away, and intrusion
> prevention replacing it. Does
> anyone know if there are any plans to include
> intrusion prevention
> functionality into Snort in the future?
> Thanks,
> Paul Sheahan
> Can you elaborate on this? Do they mean that a
> sensor will pro
> actively block IP's/attacks?
> -mike
> This sf.net email is sponsored by:
> With Great Power, Comes Great Responsibility 
> Learn to use your power at OSDN's High Performance
> Computing Channel
> http://hpc.devchannel.org/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
> Snort-users list archive:

If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       

Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.

More information about the Snort-users mailing list