[Snort-users] Re:Easy web-server protection?

Shaiful shaifuljahari at ...131...
Wed Jan 29 22:37:03 EST 2003


Hi,

Snort is an Intrusion Detection System (IDS) not
Intrusion Prevention System (IPS). You need something
like hogwash or snort-inline to drop the attack.

Below is the copy of my email to focus-ids early this
morning regarding the similar matter. Hope it helps.

Regards,
Shaiful

> Hi,
> 
> I've never tried snort-inline but I believed the
> concept is similar to hogwash.
> 
> If you want information about similar arrangement,
> just search for hogwash implementation.  Last time I
> checked there are quite a few.
> 
> For the last Code Red worm outbreak, I've used 
> hogwash and block Code Red. IMHO, Code Red is worst
> since it uses port 80 which normally open at the
firewall.
> 
> Running hogwash make me think why on earth the idea
of
> stopping application attack at layer 2 or 3 is not
> popular before.  Actually I've been waiting for
> hogwash like program one year before it is released
> and mostly due to my poor coding skill. The idea is
> quite old if you bother to search snort mailing
list.
> But looking at hogwash code, then I realised it is
not
> really rocket science ;-)
> 
> Regards,
> Shaiful
> 


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com




More information about the Snort-users mailing list