pfsense:suricata:inline_versus_legacy_ips_mode

Differences

This shows you the differences between two versions of the page.

pfsense:suricata:inline_versus_legacy_ips_mode [2021/01/20 12:56] – created peter
pfsense:suricata:inline_versus_legacy_ips_mode [2021/01/20 12:57] (current) peter
Line 17: Line 17:
   * Packets that subsequently come through from the same IP address will now get blocked, though.   * Packets that subsequently come through from the same IP address will now get blocked, though.
  
 +----
  
-  Hence I use the term "hybrid IDS/IPS" because a true IPS would never leak a packet. +  * This could be referred to as a "hybrid IDS/IPS" because a true IPS would never leak a packet. 
-  A true IPS would hold up the original packet while it was being inspected, and then either pass it or drop it. +  A true IPS would hold up the original packet while it was being inspected, and then either pass it or drop it. 
-  Legacy mode does not hold up the original packet. +  Legacy mode does not hold up the original packet. 
-  It is allowed to continue on to the firewall while the cloned copy is used to make the decision for blocking future packets from the IP address.+  It is allowed to continue on to the firewall while the cloned copy is used to make the decision for blocking future packets from the IP address.
  
  
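Review bot: The reworded first line, "This could be referred to as a "hybrid IDS/IPS"", loses its antecedent now that a "----" rule separates it from the preceding bullets; name the subject instead, for example "Legacy mode could be referred to as a "hybrid IDS/IPS" because a true IPS would never leak a packet." The three lines that follow are marked as changed although their wording is identical on both sides, so the difference is presumably indentation only; confirm that they render as a continuation of the new bullet and not as a separate block.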
pfsense/suricata/inline_versus_legacy_ips_mode.1611147407.txt.gz · Last modified: 2021/01/20 12:56 by peter