Yes. Snort does not know if your machine has been patched or not, it
observes the attack and warns you on it. In order to do what you are
asking, you'd need Snort combined with a product like RNA. Both from
Sourcefire.
Joel
On Aug 10, 2006, at 10:18 PM, Than Yu Jin wrote:
Hi all,
May I know what is you all action while receiving alerts from your
snort server?
Did you patch accordingly to the servers being intruder?
Let’s have a scenario as below,
Example: While someone is trying to intrude to my server
application vulnerability which I already patched with latest patch.
1) Will I still receive snort alert?
Thank You.....
Regards,
Eugene
IT Security, OPUS/IT
03 - 27306653 (ext: 653)
Data Classification: 2
[ 0-Public 1-Internal 2-Confidential (authorization required) 3-
Strictly Confidential ]
This message is intended solely for the addressee. It is
confidential and may be legally privileged. Access to this message
by anyone is unauthorized. Unauthorized use is strictly prohibited
and may be unlawful. If you are not the intended recipient, any
disclosure, copying, or distribution of the message, or any action
or omission taken by you in reliance on it, except for the purpose
of the delivery to the addressee, is prohibited and may be
unlawful. Any confidentiality or privilege is not waived or lost
because this mail has been sent to by mistake.
This e-mail and any attachments therewith are intended only for the
use of the address. This e-mail may contain confidential and
privileged information. Any unauthorized use, copying or disclosure
of information contained in this e-mail or its attachments is
strictly prohibited and may be unlawful. If you have received this
e-mail in error, please contact the sender via return e-mail and
delete this e-mail and attachments thereafter. Any confidentiality
or privilege is not waived or lost because this e-mail has been
sent to you by mistake. Any liability for viruses is excluded to
the fullest extent permitted by law.
----------------------------------------------------------------------
---
Using Tomcat but need to do more? Need to support web services,
security?
Get stuff done quickly with pre-integrated technology to make your
job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo
http://sel.as-us.falkag.net/sel?
cmd=lnk&kid=120709&bid=263057&dat=121642______________________________
_________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
+---------------------------------------------------------------------+
joel esler senior security consultant 1-706-627-2101
Sourcefire Security for the /Real/ World -- http://www.sourcefire.com
Snort - Open Source Network IPS/IDS -- http://www.snort.org
gpg key: http://demo.sourcefire.com/jesler.pgp.key
aim:eslerjoel ymsg:eslerjoel gtalk:eslerj
+---------------------------------------------------------------------+
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
