[Snort-users] IDS or IPS
Al Lewis (allewi)
allewi at ...589...
Wed Apr 15 20:56:58 EDT 2015
Please see the section on active response: http://manual.snort.org/node26.html
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...
From: Marcio Guerreiro [mailto:marcio.guerreiro at ...16117...]
Sent: Wednesday, April 15, 2015 5:51 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] IDS or IPS
I am new to snort and I have a quick question.
I have installed snort as NDIS mode but I would like to know if it is possible to reset TCP connection as the following document states. As far as I understand, Snort would be able to generate the alerts for me; however, if I need to take some action I would have to manually resolve the problem or somehow implement snort as IPS?
The document I am reading is about IDS in general...
If the sensors detect any malicious activity, it matches the malicious packet against the
attack signature database. In case it finds a match, the sensor reports the malicious
activity to the management console. The sensor can take different actions based on
how they are configured. "For example, the sensor can reset the TCP connection by sending a
TCP FIN, modify the access control list on the gateway router or the firewall
or send an email notification to the administrator for appropriate action."
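
As an added illustration of the active response feature the reply points to (not part of the original thread, and not configuration posted by either participant), the fragment below shows the same match written as a passive alert, as a rule that also resets the TCP session, and as a `reject` rule. It assumes a Snort 2.9.x sensor; the port, messages and SIDs are constructed sample values. Snort's `resp` option sends TCP RST packets to tear the session down.

```conf
# --- snort.conf ---------------------------------------------------------
# Active response settings (Snort 2.9.x). Depending on the release, the
# feature may have to be enabled at build time
# (./configure --enable-active-response --enable-flexresp3).
# "attempts" is how many response packets are tried per triggering packet.
config response: attempts 2

# --- local.rules (constructed sample rules) -----------------------------
# 1) Passive IDS: generate an alert only; the connection is left untouched.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LOCAL inbound telnet session"; flow:to_server,established; sid:1000001; rev:1;)

# 2) IDS with active response: same match, but Snort also injects TCP RSTs
#    toward both endpoints. Works on a passive tap or span port as long as
#    the sensor interface is able to transmit packets.
alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LOCAL inbound telnet session (reset)"; flow:to_server,established; resp:reset_both; sid:1000002; rev:1;)

# 3) Reject action: log the packet, block it when Snort runs inline, and
#    send a TCP reset (or ICMP port unreachable for UDP).
reject tcp $EXTERNAL_NET any -> $HOME_NET 23 (msg:"LOCAL inbound telnet session (reject)"; flow:to_server,established; sid:1000003; rev:1;)
```

Rules 1 and 2 run on an out-of-band sensor; because the resets in rule 2 are sent after the triggering packet has already passed, guaranteed blocking requires inline (IPS) deployment.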