[Snort-users] snort-inline vs. firewall

Ravi ravivsn at ...9637...
Fri Sep 12 03:49:50 EDT 2003

Hi Matt Kettler/Bishan

Agreed, And also IPS or IDS they generate lot of false positives which
confuses a lot and may block genuine traffic.

yes, placing IPS behind a strong firewall will decrease the overhead for
the IPS/IDS. But generally network administrators would be also
interested in knowing what type of attacks are their networks targeted.
So IMHO a honeynet would satisfy to a great extent for the
administrators who wants to have an idea about the malicious traffic.

So a firewall-->IPS--->honeynet is a best solution I could think of.

Any comments,


> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

The views presented in this mail are completely mine. The company is not
responsible for what so ever.
Ravi Kumar CH
Rendezvous On Chip (I) Pvt Ltd
ROC home page <http://www.roc.co.in>

More information about the Snort-users mailing list