[Snort-users] Action while receive alerts

Joel Esler joel.esler at ...1935...
Fri Aug 11 07:17:51 EDT 2006


Yes.  Snort does not know if your machine has been patched or not, it  
observes the attack and warns you on it.  In order to do what you are  
asking, you'd need Snort combined with a product like RNA.  Both from  
Sourcefire.

Joel


On Aug 10, 2006, at 10:18 PM, Than Yu Jin wrote:

> Hi all,
>
>
>
> May I know what is you all action while receiving alerts from your  
> snort server?
>
> Did you patch accordingly to the servers being intruder?
>
>
>
> Let’s have a scenario as below,
>
> Example: While someone is trying to intrude to my server  
> application vulnerability which I already patched with latest patch.
>
> 1) Will I still receive snort alert?
>
>
>
> Thank You.....
>
>
>
> Regards,
>
> Eugene
>
> IT Security, OPUS/IT
>
> 03 - 27306653 (ext: 653)
>
>
>
> Data Classification: 2
> [ 0-Public  1-Internal  2-Confidential (authorization required)  3- 
> Strictly Confidential ]
>
> This message is intended solely for the addressee. It is  
> confidential and may be legally privileged. Access to this message  
> by anyone is unauthorized. Unauthorized use is strictly prohibited  
> and may be unlawful.  If you are not the intended recipient, any  
> disclosure, copying, or distribution of the message, or any action  
> or omission taken by you in reliance on it, except for the purpose  
> of the delivery to the addressee, is prohibited and may be  
> unlawful. Any confidentiality or privilege is not waived or lost  
> because this mail has been sent to by mistake.
>
>
>
> This e-mail and any attachments therewith are intended only for the  
> use of the address. This e-mail may contain confidential and  
> privileged information. Any unauthorized use, copying or disclosure  
> of information contained in this e-mail or its attachments is  
> strictly prohibited and may be unlawful. If you have received this  
> e-mail in error, please contact the sender via return e-mail and  
> delete this e-mail and attachments thereafter. Any confidentiality  
> or privilege is not waived or lost because this e-mail has been  
> sent to you by mistake. Any liability for viruses is excluded to  
> the fullest extent permitted by law.
>
>
> ---------------------------------------------------------------------- 
> ---
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642______________________________ 
> _________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

+---------------------------------------------------------------------+
joel esler          senior security consultant         1-706-627-2101
Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
        Snort - Open Source Network IPS/IDS -- http://www.snort.org
          gpg key: http://demo.sourcefire.com/jesler.pgp.key
            aim:eslerjoel  ymsg:eslerjoel gtalk:eslerj
+---------------------------------------------------------------------+






More information about the Snort-users mailing list