[Snort-users] NIPS Rules

wkitty42 at windstream.net wkitty42 at windstream.net
Tue Aug 22 16:32:32 EDT 2017


On 08/22/2017 02:12 AM, Manojit Ghosh via Snort-users wrote:
> I was hoping to block them using snort. I am in a wireless network.

in that case, you might want to run snort in IPS mode instead of IDS mode... 
that puts snort inline of your traffic where it can drop the traffic or let it 
pass...

an alternative would be to use another device as a sniffer/firewall and let 
snort and the firewall communicate (somehow) so the firewall can update its 
settings for blocking...

security onion does a lot (a whole lot!) and may be able to talk to various 
firewalls... snort is part of security onion and it comes with the database and 
analysis stuff as well as being able to clone off files being transferred so 
they can be analyzed, too...

i don't use security onion but i have looked at it in the past...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*


