I know the purpose of a white-list and now while im running on 4hours of
sleep, it makes more sense.(Damn MVA)
Now, if you insert an IP in your whitelist, yea you won't block on that
particular IP, but hopefully you only put *trusted*
machines in that list. I now know what he meant about missing attacks,
but i was tired.. eek still am.

Cheers!

    - Alberto *Yawn* Gonzalez

Frank Knobbe wrote:

>On Tue, 2002-12-03 at 01:37, Alberto Gonzalez wrote:
>
>
>
>>Maybe I missed something. but what does a white-list of IP's have todo
>>with missing internal attacks?
>>Yes, snortsam does active blocking. doesn't mean the engine it uses
>>stops alerting on malicious packets.
>>You configure the rules to use with snortsam. YOU have control. Just
>>configure snortsam (which uses snort)
>>to listen on the internal interface, or am I just extremly tired?
>>
>>
>
>You must be tired ;)
>
>Snort will only send a blocking *request* to SnortSam. It still works as
>a normal IDS. SnortSam can ignore requests for IP's that are
>white-listed. One doesn't have anything to do with the other. The IDS is
>still an IDS is still and IDS...
>
>Frank
>
>
>

-- 
The secret to success is to start from scratch and keep on scratching.
-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]