Snort mailing list archives
Re: It is possible to execute NIPS and NIDS together?
From: "Cynthia Leonard \(cyleonar\) via Snort-users" <snort-users () lists snort org>
Date: Tue, 12 Jun 2018 02:40:09 +0000
Hi Younes, I am not sure what extra information apart from the alert information you are looking. Alert contains the src (attacker) IP address, time of the alert etc. So when you add a rule to drop, you are effectively achieving the same thing - blocking the attack and logging the alert with the attack details. Regards Cynthia From: Younes Abderrahmane [mailto:younes.abderrahmane31 () gmail com] Sent: Sunday, June 10, 2018 5:17 AM To: Cynthia Leonard (cyleonar) <cyleonar () cisco com> Cc: snort-users () lists snort org Subject: Re: [Snort-users] It is possible to execute NIPS and NIDS together? Importance: High Thank you I really appreciate your help. **Cynthia Leonard ** so by configuring snort in NIPS mode and by putting rule action as drop allows me to store alerts in the database (using for that the barnyard plugin). my purpose is to block the attack attempts, and at the same time store the info of the attacker in a database (ip address, attack time, attacked ...). best regards sincerely. On Tue, Jun 5, 2018 at 11:08 AM, Cynthia Leonard (cyleonar) <cyleonar () cisco com<mailto:cyleonar () cisco com>> wrote: Hi Younes, If you run Snort in NIPS mode , that should help you detect and block the attacks. You can initially start with rule action as alert, if you want to only view the alerts, then you can change the rule action from alert -> drop if you want to block the attacks after taking a look at the alerts. Regards Cynthia From: Snort-users [mailto:snort-users-bounces () lists snort org<mailto:snort-users-bounces () lists snort org>] On Behalf Of Younes Abderrahmane via Snort-users Sent: Friday, June 1, 2018 10:15 PM To: snort-users () lists snort org<mailto:snort-users () lists snort org> Subject: [Snort-users] It is possible to execute NIPS and NIDS together? Hello everyone , Is it possible to install snort in a machine as being NIDS to generate alerts and store them in the database (I have already made this stage using Barnyard2 and MySQL database ) , and in the second machine as being NIPS to block the traffic generates by this NIDS? my goal is to save the alerts in a MySQL database, and then block the attack attempts that generated these alerts. I do not know if NIDS is able to do these two options (generate alerts and block attacks), that's why I thought about using a NIPS with NIDS. it's possible Thank you.
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- It is possible to execute NIPS and NIDS together? Younes Abderrahmane via Snort-users (Jun 04)
- Re: It is possible to execute NIPS and NIDS together? Cynthia Leonard (cyleonar) via Snort-users (Jun 05)
- Re: It is possible to execute NIPS and NIDS together? Younes Abderrahmane via Snort-users (Jun 10)
- Re: It is possible to execute NIPS and NIDS together? Cynthia Leonard (cyleonar) via Snort-users (Jun 13)
- Re: It is possible to execute NIPS and NIDS together? Younes Abderrahmane via Snort-users (Jun 10)
- <Possible follow-ups>
- It is possible to execute NIPS and NIDS together? Younes Abderrahmane via Snort-users (Jun 04)
- Re: It is possible to execute NIPS and NIDS together? Cynthia Leonard (cyleonar) via Snort-users (Jun 05)