[Snort-users] Re:Easy web-server protection?

Bob McDowell bmcdowell at ...7861...
Thu Jan 30 11:19:08 EST 2003


Yes, I can vouch for this one.  I love what it has done for our security
situation.  Bear in mind, though, that all due care is required.  I've
already posted some of the pitfalls I ran into.  Plus there are a few that I
didn't get around to sharing.  All that aside, though, flex-resp is better
than sliced bread.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Eduardo
Kita
Sent: Thursday, January 30, 2003 5:38 AM
To: Shaiful
Cc: snort-users at lists.sourceforge.net; velbloud at ...131...
Subject: Re: [Snort-users] Re:Easy web-server protection?


You can also try Snort+FlexResp.


Shaiful wrote:

>Hi,
>
>Snort is an Intrusion Detection System (IDS) not
>Intrusion Prevention System (IPS). You need something
>like hogwash or snort-inline to drop the attack.
>
>Below is the copy of my email to focus-ids early this
>morning regarding the similar matter. Hope it helps.
>
>Regards,
>Shaiful
>
>
>
>>Hi,
>>
>>I've never tried snort-inline but I believed the
>>concept is similar to hogwash.
>>
>>If you want information about similar arrangement,
>>just search for hogwash implementation.  Last time I
>>checked there are quite a few.
>>
>>For the last Code Red worm outbreak, I've used
>>hogwash and block Code Red. IMHO, Code Red is worst
>>since it uses port 80 which normally open at the
>>
>>
>firewall.
>
>
>>Running hogwash make me think why on earth the idea
>>
>>
>of
>
>
>>stopping application attack at layer 2 or 3 is not
>>popular before.  Actually I've been waiting for
>>hogwash like program one year before it is released
>>and mostly due to my poor coding skill. The idea is
>>quite old if you bother to search snort mailing
>>
>>
>list.
>
>
>>But looking at hogwash code, then I realised it is
>>
>>
>not
>
>
>>really rocket science ;-)
>>
>>Regards,
>>Shaiful
>>
>>
>>
>
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
>http://mailplus.yahoo.com
>
>
>-------------------------------------------------------
>This SF.NET email is sponsored by:
>SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
>http://www.vasoftware.com
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>

--

============
Eduardo Kita
Equipe  Unix
  SEF - RJ
============





-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030130/3b78b4a3/attachment.html>


More information about the Snort-users mailing list