Re: New to Snort !!!

From: Joel Esler (eslerj_at_gmail.com)
Date: 05/28/05

    Date: Sat, 28 May 2005 12:14:06 -0500
    To: Venkatesh G S <venkatesh.gs@gmail.com>
    
    

    What are your questions?

    Snort should be placed on your outer-most network device on a "SPAN"
    or "Mirrored" port.

    Snort should be installed on a Linux platform. The Windows version
    (as far as I know) tends to drop more packets. Maybe someone can
    correct me.

    A better place to submit your questions is on the snort-users listserv.

    Look it up at www.snort.org

    Joel

    On 5/24/05, Venkatesh G S <venkatesh.gs@gmail.com> wrote:
    > Hi all,
    >
    > I am a new member to this group & I am sure I will get your
    > valuable suggestion for my problem.
    > I work for an organization where we have almost all the latest
    > devices in place, which includes L3 Switches, VOIP, High end server &
    > etc. We have around 1500 desktops & this is a production environment.
    >
    > My problem
    >
    > i) My network manager wants me to suggest an IDS, and I googled
    > yesterday I recommended him - Snort.
    > ii) I am quite new to IDS and I haven't done even a single
    > installation of Snort till now.
    >
    > Can anyone let me know the features of Snort, where this sensor should
    > be placed in the Network? Please don't think that I am not doing my
    > homework. I have already started to collect information from Snort.org
    > but I find it a little too difficult to understand the concept.
    >
    > I need help in how to install Snort. Finally are there any windows
    > edition of Snort available?
    >
    > Regards
    >
    > Venkatesh
    >
    >
    > --
    > The impossible is often untried.
    >

    -- 
    Joel Esler
    BASE Project Lead
    http://sourceforge.net/projects/secureideas