|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Frank Knobbe (fknobbe_at_knobbeits.com)
Date: Tue Dec 03 2002 - 00:18:38 CST
On Tue, 2002-12-03 at 01:37, Alberto Gonzalez wrote:
> Maybe I missed something. but what does a white-list of IP's have todo
> with missing internal attacks?
> Yes, snortsam does active blocking. doesn't mean the engine it uses
> stops alerting on malicious packets.
> You configure the rules to use with snortsam. YOU have control. Just
> configure snortsam (which uses snort)
> to listen on the internal interface, or am I just extremly tired?
You must be tired ;)
Snort will only send a blocking *request* to SnortSam. It still works as
a normal IDS. SnortSam can ignore requests for IP's that are
white-listed. One doesn't have anything to do with the other. The IDS is
still an IDS is still and IDS...
Frank
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iQCVAwUAPexMvr+0ijK5TGa5AQLgDAQAk0CBEOzX47+K8A5mJRDt17c5iJPDoO7D
hUakpEF7F5+V6Xb+p3cFSVW2L3VraS4kz3bSLEEYjnnZE383Vt240ALsfp9x1zPa
0Dldnwy+e/SAWbaVg4XrqP/ffQ3U8bkM1pTHVQbH055Z2wbOA9UOsIBG59mFii40
8Kvn+PsveLo=
=s8KB
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]