They are very different tools.

Snort is a packet inspection tool looking straight at the stream of packets (both incoming and outgoing). It can be configured to sit inside or outside the firewall (if it is outside it will track traffic which could still be blocked by your firewall). It uses the firewall for its blocks. It is also quite resource intensive. Up to 2.9.x it was single-threaded so could only use one processor core. I think 3.x is multi-threaded but I'm not sure. Because it is so resource heavy it is best to only enable rules for which you have services exposed in your firewall, so don't enable SSH rules if you don't expose SSH to the internet, etc.

F2B is a log analysis tool, watching your logs and/or your journal and it responds to various patterns in your logs. It also uses the firewall for blocking.

Both can quite happily live together.

Nick

On 02/12/2020 14:47, Turritopsis Dohrnii Teo En Ming wrote:

Subject: What are the differences between Fail2ban IPS and Snort IPS?

Good day from Singapore,

What are the differences between Fail2ban IPS and Snort IPS?

One difference I can think of is that Fail2ban is a host-based IPS while Snort is a network-based IPS.

Please correct me if I am wrong.

I have deployed Snort IPS (as an installed package inside pfSense firewall/network security appliance) a few times before but I have not deployed Fail2ban IPS yet. I am looking forward to deploying Fail2ban IPS in the future. Is it very difficult to install and configure Fail2ban?

Thank you.

IPS: Intrusion Prevention System
IDS: Intrusion Detection System
IDPS: Intrusion Detection and Prevention System

Mr. Turritopsis Dohrnii Teo En Ming, 42 years old as of 2nd December 2020 Wed, is a TARGETED INDIVIDUAL (TI) living in Singapore.









_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
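
The log-driven model the reply describes for Fail2ban, as an added example that is not part of the original thread and is not Fail2ban's own code: it counts sshd failures per source address inside a sliding window and emits a firewall block once a threshold is reached. The `maxretry` and `findtime` names mirror Fail2ban's options; the values used, the sample log lines and the nftables table and set names are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines (not from the thread); addresses are documentation ranges.
SAMPLE_LOG = """\
Dec  2 14:40:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40022 ssh2
Dec  2 14:40:05 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Dec  2 14:40:09 host sshd[1003]: Accepted publickey for nick from 198.51.100.4 port 51000 ssh2
Dec  2 14:40:12 host sshd[1004]: Failed password for root from 203.0.113.7 port 40024 ssh2
Dec  2 14:41:00 host sshd[1005]: Failed password for nick from 198.51.100.4 port 51001 ssh2
Dec  2 15:10:00 host sshd[1006]: Failed password for nick from 198.51.100.4 port 51002 ssh2
Dec  2 15:40:00 host sshd[1007]: Failed password for nick from 198.51.100.4 port 51003 ssh2
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
FAIL_RE = re.compile(
    r"^(\w{3})\s+(\d+) (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+")

def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10), year=2020):
    """Return [(ip, time_of_ban)] for sources with maxretry failures within findtime."""
    recent = defaultdict(deque)      # ip -> failure timestamps still inside the window
    banned, bans = set(), []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m or m.group(6) in banned:
            continue                 # not a failure line, or source already blocked
        mon, day, hh, mm, ss, ip = m.groups()
        # Classic syslog timestamps carry no year, so one is assumed.
        ts = datetime(year, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()         # forget failures older than findtime
        if len(window) >= maxretry:
            banned.add(ip)
            bans.append((ip, ts))
    return bans

def firewall_commands(bans):
    """Render each ban as a firewall rule; the table and set names are hypothetical."""
    return [f"nft add element inet filter banned {{ {ip} }}" for ip, _ in bans]

if __name__ == "__main__":
    print("\n".join(firewall_commands(find_bans(SAMPLE_LOG))))
```

The second address fails three times as well, but half an hour apart, so with a ten-minute window it is never blocked; only the log line decides, and no packet content is inspected.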
