frank at ...9761...
Mon Feb 16 14:55:03 EST 2004
On Mon, 2004-02-16 at 12:48, Matt Kettler wrote:
> 3) snortsam
> - supports a wide variety of firewalls, but acts slightly after
> the fact. This means the packet that contained the trigger gets passed, but
> subsequent packets will get blocked, limiting the impact of the exposure.
While that is true, it can block on more than one enforcement point at
the same time. Plus it can create a semi-permanent (full block on IP for
a defined time interval) block or isolate systems. While not real time,
it has a lot of flexibility going for it.
(Sorry, haven't pitched Snortsam in a while ;)
Warning at the Gates of Bill:
Abandon hope, all ye who press <ENTER> here...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: This is a digitally signed message part
More information about the Snort-users