On 10/5/06, Chris Godwin <[EMAIL PROTECTED]> wrote:
Am I correct about Snort being able to block as well as detect? Isn't this IDS/IPS, not just IDS.
It is a delayed IDS. Generally an IPS hooks into the network stack directly and does not allow the traffic to pass through until its scanned. This is the counter of that, where a packet may be let through and then a block rule is added 50ms later, etc. Scott