[Snort-users] Which rules to get inline

mosquitooth at ...158... mosquitooth at ...158...
Sun Mar 6 13:26:26 EST 2005


Snort is able to get 'inline' and therefore act as an IPS. But, as there
are still some false positives, it seems to me that not every rule is useful
in an IPS environment - but which are? I think that especially the
BAD_TRAFFIC and BACKDOOR rules won't fail often - so these would be the first
choice when deploying an 'IPS'. Do you agree? Which rules do you think would
serve this purpose?

Thanks for any answers on this poll,

