Daniel S. Haischt wrote:
> Besides that I always thought Snort is first and foremost
> an IDS and not an IPS...

It can do both, IIRC.
But commercial IDS/IPS products have been blurring the line between
these two purposes for years - up to a point where I think there is no
real distinction possible anymore.
Just like various "intelligence"-techniques have blurred the line
between packet filter and application firewall in the
commercial-firewall world.
At least in this respect, pfSense is still a clear packet-filter only ;-)
And ideally, it should stay this way while analyzing packet-content
should occur elsewhere (because it also needs much more CPU-power).
cheers,
Rainer