[Snort-users] snort-inline vs. firewall

Ravi ravivsn at ...9637...
Fri Sep 12 03:49:50 EDT 2003


Hi Matt Kettler/Bishan

Agreed, And also IPS or IDS they generate lot of false positives which
confuses a lot and may block genuine traffic.

yes, placing IPS behind a strong firewall will decrease the overhead for
the IPS/IDS. But generally network administrators would be also
interested in knowing what type of attacks are their networks targeted.
So IMHO a honeynet would satisfy to a great extent for the
administrators who wants to have an idea about the malicious traffic.

So a firewall-->IPS--->honeynet is a best solution I could think of.

Any comments,

Regards,
Ravi



> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 

The views presented in this mail are completely mine. The company is not
responsible for what so ever.
------------------------------------------------------------------------
Ravi Kumar CH
Rendezvous On Chip (I) Pvt Ltd
Hyderbad
INDIA
ROC home page <http://www.roc.co.in>






More information about the Snort-users mailing list