[Snort-users] It is possible to execute NIPS and NIDS together?

Cynthia Leonard (cyleonar) cyleonar at cisco.com
Mon Jun 11 22:40:09 EDT 2018

Hi Younes,
I am not sure what extra information apart from the alert information you are looking. Alert contains the src (attacker) IP address, time of the alert etc.
So when you add a rule to drop, you are effectively achieving the same thing - blocking the attack and logging the alert with the attack details.


From: Younes Abderrahmane [mailto:younes.abderrahmane31 at gmail.com]
Sent: Sunday, June 10, 2018 5:17 AM
To: Cynthia Leonard (cyleonar) <cyleonar at cisco.com>
Cc: snort-users at lists.snort.org
Subject: Re: [Snort-users] It is possible to execute NIPS and NIDS together?
Importance: High

Thank you I really appreciate your help. **Cynthia Leonard **

so by configuring snort in NIPS mode and by putting rule action as  drop allows me to store  alerts in the database (using for that the barnyard plugin).

my purpose  is to block the attack attempts, and at the same time store the info of the attacker in a database (ip address, attack time, attacked ...).

best regards sincerely.

On Tue, Jun 5, 2018 at 11:08 AM, Cynthia Leonard (cyleonar) <cyleonar at cisco.com<mailto:cyleonar at cisco.com>> wrote:
Hi Younes,
If you run Snort in NIPS mode , that should help you detect and block the attacks.  You can initially start with rule action as alert, if you want to only view the alerts, then you can change the rule action from alert -> drop if you want to block the attacks after taking a look at the alerts.


From: Snort-users [mailto:snort-users-bounces at lists.snort.org<mailto:snort-users-bounces at lists.snort.org>] On Behalf Of Younes Abderrahmane via Snort-users
Sent: Friday, June 1, 2018 10:15 PM
To: snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>
Subject: [Snort-users] It is possible to execute NIPS and NIDS together?

Hello everyone ,

Is it possible to install snort in a machine as being NIDS to generate alerts and store them in the database (I have already made this stage using Barnyard2  and  MySQL database ) ,
and in the second machine as being NIPS to block the traffic generates by this NIDS?

my goal is to save the alerts in a MySQL database, and then block the attack attempts that generated these alerts.
I do not know if NIDS is able to do these two options (generate alerts and block attacks), that's why I thought about using a NIPS with NIDS.
it's possible

Thank you.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180612/ea5f74af/attachment.html>

More information about the Snort-users mailing list