Re: IDS for Unix

From: Baron Biza (baron.biza_at_gmail.com)
Date: 06/30/05

    Date: Thu, 30 Jun 2005 14:19:39 +0300
    To: callan.tham@securecirt.com
    
    

    Hi, the problem is not reading... the problem is the language. I'm from
    Argentina, and I can't find a tutorial for Snort in Spanish... Well, I
    understand English, but reading a long manual is so difficult. I'll
    try. Thanks for your replies, good luck.

    On 6/30/05, Callan Tham <callan.tham@securecirt.com> wrote:
    > On Thu, 2005-06-30 at 01:10 +0300, Baron Biza wrote:
    > > Hello, I'm new to this list. I have never used an IDS, and I want to
    > > start with one for Unix (FreeBSD and Linux also). I know about Snort,
    > > but there are a lot of rules to configure by hand. The Windows users of
    > > Snort have a program in graphic mode to configure their Snort, but we
    > > do not :-(. Is there any good IDS, at the same level, in graphic mode,
    > > or easier to learn? Thanks, good luck.
    >
    > Hi Baron,
    >
    > Actually, there isn't much to configure rules-wise for Snort. The rules
    > are there, you just tell Snort if you want to use them in its config file.
    > If you want graphical management, take a look at SnortCenter[1]. It can
    > manage both rules and config files centrally, and is easy to set up and
    > use.
    >
    > But hey, nothing beats vim and a good read of the Snort manual if you're
    > on a *nix platform. Even with SnortCenter, the Snort User Manual is a
    > must-read if you want to know more about writing rules.
    >
    > Good luck, and have fun!
    >
    > Cheers,
    >
    > Callan
    >
    > [1] http://users.pandora.be/larc/
    >
    >
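
Added example (not part of the original messages): Callan's point that the shipped rule sets are switched on or off in Snort's config file can be audited with a small script that lists which rule files a config actually loads. It assumes Snort 2.x-style `var RULE_PATH` and `include` lines; the sample config and the function names `sample_conf` and `list_rules` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which rule files a Snort 2.x-style config enables.
# The config below is a constructed sample, not a real deployment.

sample_conf() {
cat <<'EOF'
var HOME_NET 192.168.1.0/24
var RULE_PATH ../rules
include classification.config
include $RULE_PATH/local.rules
include $RULE_PATH/bad-traffic.rules
    include $RULE_PATH/scan.rules
# include $RULE_PATH/web-attacks.rules
#include $RULE_PATH/shellcode.rules
EOF
}

# list_rules on|off
# Reads a config on stdin and prints one rule file per line:
#   on  = active "include ...rules" lines
#   off = the same lines when commented out with '#'
list_rules() {
    awk -v want="$1" '
        # Remember the rule directory so $RULE_PATH can be expanded.
        $1 == "var" && $2 == "RULE_PATH" { path = $3; next }
        {
            line = $0
            state = "on"
            sub(/^[ \t]+/, "", line)              # tolerate indentation
            if (line ~ /^#/) {                    # commented-out directive
                state = "off"
                sub(/^#[ \t]*/, "", line)
            }
            n = split(line, f, /[ \t]+/)
            # Only "include <something>.rules" counts; other includes
            # (classification.config etc.) are not rule sets.
            if (n < 2 || f[1] != "include" || f[2] !~ /\.rules$/) next
            file = f[2]
            sub(/^\$RULE_PATH/, path, file)
            if (state == want) print file
        }'
}

echo "enabled rule files:";  sample_conf | list_rules on
echo "disabled rule files:"; sample_conf | list_rules off
```

To check a real sensor, feed its own config in place of the sample, for example `list_rules on < snort.conf`.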


