[Snort-users] Which GIDS to use? Snort-inline, snortsam or hogwash?

Frank Knobbe fknobbe at ...652...
Sun Jan 19 16:59:02 EST 2003


On Thu, 2003-01-16 at 18:55, Jason Silverglate wrote:
> Which GIDS to use? Snort-inline, snortsam or hogwash?
> 
> What are the benefits of each?  what are the downsides?

Just for the record, SnortSam is not a GIDS. Snort-Inline and Hogwash do
the filtering/blocking on that Snort box. SnortSam just collects
blocking requests from several Snort boxes and passes them to
firewalls/routers to block there. Completely different in nature.

And that is one of the benefits. If you want your 20 Cisco PIXes, 10
Netscreens, and 55 Checkpoint firewalls in your enterprise-wide LANs all
over the world to all block out an intruder at the same time (in essence,
close all your Internet, partner, and links or whatever) for a defined
period of time, then SnortSam is for you. It does not block on the Snort
box itself, it just acts as a proxy to control other devices.

Cheers,
Frank
