Snort mailing list archives

Re: snort-inline vs. firewall


From: Ravi <ravivsn () roc co in>
Date: 12 Sep 2003 09:42:05 -0400

Hi Matt Kettler/Bishan

Agreed. Also, an IPS or IDS generates a lot of false positives, which
confuses a lot and may block genuine traffic.

Yes, placing an IPS behind a strong firewall will decrease the overhead for
the IPS/IDS. But generally network administrators would also be
interested in knowing what types of attacks their networks are targeted by.
So IMHO a honeynet would satisfy to a great extent the
administrators who want to have an idea about the malicious traffic.

So a firewall-->IPS--->honeynet is the best solution I could think of.

Any comments?

Regards,
Ravi

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 

The views presented in this mail are completely mine. The company is not
responsible for them whatsoever.
------------------------------------------------------------------------
Ravi Kumar CH
Rendezvous On Chip (I) Pvt Ltd
Hyderabad
INDIA
ROC home page <http://www.roc.co.in>



