[Snort-users] IDS or IPS
marcio.guerreiro at ...16117...
Wed Apr 15 17:50:31 EDT 2015
I am new to snort and I have a quick question..
I have installed snort as NDIS mode but I would like to know if is possible
to reset TCP connection as the following document states. As far I
understand Snort would be able to generate the alerts for me, however if I
need to take some action I would have to manually resolve the problem or
some how implement snort as IPS ?
The document I am reading is about IDS in general.
If the sensors detect any malicious activity, it matches the malicious
packet against the
attack signature database. In case it finds a match, the sensor reports the
activity to the management console. The sensor can take different actions
how they are configured."For example, the sensor can reset the TCP
connection by sending a
TCP FIN, modify the access control list on the gateway router or the
or send an email notification to the administrator for appropriate action."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users