Re: IDS for Pix Firewall

From: Andrew Plato (
Date: 02/10/02

Date: 10 Feb 2002 07:02:32 -0000
From: Andrew Plato <>

('binary' encoding is not supported, stored as-is)

In-Reply-To: <>

Snort (Sourcefire), Dragon IDS, Network Flight
Recorder, BlackICE Sentry, Cisco IDS - take your
pix :-)

Snort is definately the cheapest, but it will take you
longer to setup and get alerts.

Personally - Snort and BlackICE are probably the
best performance-wise. But I am biased because this
is what I use. I've been testing Dragon lately...seems

Andrew Plato
President / Principal Consultant
Anitian Corporation

Relevant Pages

  • Re: PIX Firewall auditing suggestions please!
    ... Alrighty, I've enabled logging on my PIX firewall, and I have a SysLog ... service running and getting messages (around 8000 and hour at last ... no problems below the application level layer. ... > For the last point an IDS like snort is defintely the better tool: ...
  • Re: Cisco PIX 501 vs Sun Ultrasparc for VPN connections?
    ... use the pix for your first line of defense.. ... then toss up a 'nix box ... for snort and ids stuff ...