[Snort-users] Re:Easy web-server protection?

Eduardo Kita ekita at ...8161...
Thu Jan 30 03:32:06 EST 2003


You can also try Snort+FlexResp.


Shaiful wrote:

>Hi,
>
>Snort is an Intrusion Detection System (IDS) not
>Intrusion Prevention System (IPS). You need something
>like hogwash or snort-inline to drop the attack.
>
>Below is the copy of my email to focus-ids early this
>morning regarding the similar matter. Hope it helps.
>
>Regards,
>Shaiful
>
>>Hi,
>>
>>I've never tried snort-inline but I believed the
>>concept is similar to hogwash.
>>
>>If you want information about similar arrangement,
>>just search for hogwash implementation.  Last time I
>>checked there are quite a few.
>>
>>For the last Code Red worm outbreak, I've used
>>hogwash and blocked Code Red. IMHO, Code Red is worst
>>since it uses port 80 which is normally open at the
>>firewall.
>>
>>Running hogwash makes me think why on earth the idea of
>>stopping application attack at layer 2 or 3 is not
>>popular before.  Actually I've been waiting for
>>hogwash like program one year before it is released
>>and mostly due to my poor coding skill. The idea is
>>quite old if you bother to search snort mailing list.
>>
>>But looking at hogwash code, then I realised it is not
>>really rocket science ;-)
>>
>>Regards,
>>Shaiful

-- 

============
Eduardo Kita
Equipe  Unix
  SEF - RJ
============






