This is the comment you were replying to, attached to the article Using the 'snort' Intrusion Detection System:


Re: Using the 'snort' Intrusion Detection System
Posted by Anonymous (85.216.xx.xx) on Tue 27 Dec 2005 at 14:07
I would recommend using oinkmaster for regularly updating your rules. Since attacks develop, forgetting a snort sensor with old rules is not a good idea.

Also, consider using snort-inline. If snort can detect the attack, why not also stop it? This is what snort-inline does -- it converts snort from an intrusion detection system to an intrusion prevention system.

Who reads the logs anyways? (especially if you are looking on the internet side of things).

Any idea of how to make snort look at only those packets that actually make it through the firewall if you have only one interface (say eth0) connected directly into the internet? Sometimes you have a lonely server on the internet...
