"Another" Newbie IDS Question

From: netsecurity (netsecurity@duracompanies.com)
Date: 10/03/01


Date: Wed, 3 Oct 2001 09:08:26 -0500
From: netsecurity <netsecurity@duracompanies.com>
Message-ID: <11464550418.20011003090826@duracompanies.com>
To: focus-ids@securityfocus.com
Subject: "Another" Newbie IDS Question

I run a "mostly NT" network with the usual mix of workstations (NT, 98
& 2000). I want to put some form of IDS (Snort?) with a remote logging
daemon in place preferably using a Linux (Mandrake 8.0) I have. Any
pointers on how, what or wherefore?

A crude drawing of my network is as follows:

Internet
    |
    |
CISCO Router
    |
    |
Checkpoint FW (NT4)
    |
    |
3Com Switch
    |
    |
    -->Hub 1 ----> LAN
    |
    -->Hub 2 ----> DMZ

Allen Taylor
-----------------------
The DURA Companies
Indianapolis, IN



