Unless Snort has added some features it is just an Intrusion Detection System and does not offer Intrusion Prevention.
Phil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean Johnson Sent: Tuesday, December 14, 2004 1:30 PM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] OT: intrusion prevention Snort ( http://www.snort.org ) won't cost you anything other than the time to learn it, and really no matter what kind of IDS solution you use, there is a decent learning curve to overcome. On Mon, 13 Dec 2004 18:05:50 -0500, Kern, Tom <[EMAIL PROTECTED]> wrote: > my company is looking at getting cisco security agent for intrusion prevention. Personally, at $60,000, I think its a bit much. > does anyone have any cheap intrusion prevention software they use out there? or can you lockdown your desktops enough via GPO's and good AV? > > we get alot of bots lately on our network. these bots infect fully patched boxes and start making outbound requests on ports 445 and 6667 flooding our network to a crawl and sometimes even DOSing our firewall. > as i've said, they even infect patched pc's with fully updated AV defs(Symantec corporate 9.0). > the attraction to cisco is that(according to cisco marketing..), an client agent is installed which will stop the action of any unauthorized app or service from running and alert an admin. > still, i think there's got to be a cheaper way to stop this stuff. > any ideas(or personal experience with cisco agent)? > thanks > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
