Re: snort

From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 01/08/04


Date: Thu, 8 Jan 2004 00:58:28 -0000


"Dan" <bitsandbytes88@hotmail.com> wrote in message
news:Zb-dnVqkX42Kh2GiRVn-jQ@speakeasy.net...
> Is it worth paying $10,000 for source fire to make using SNORT easier?
> Does using source fire with SNORT make SNORT a middle weight IDS solution
as
> opposed to a lightweight?
>
> http://www.insecure.org/tools2000.html
>
> _Or_ is it worth the time and energy to write your own scripts and
updates.

IMHO. Let's say that again: "IMHO"

Any IDS tool (or something that acts as an IDS tool) is only useful if
someone can act on the results.

Not sure where $10k came from..? It's an interesting interface to LibPCap,
isn't it? Just like Ethereal? Are you looking at buying-in a monitoring
service, or deploying something yourself? Did I miss something about
Commercial licensing?

Please point out where the shoe's going to drop.. ;o)

H1K



Relevant Pages

  • Re: snort
    ... > Is it worth paying $10,000 for source fire to make using SNORT easier? ... Setup snort to log to mysql then front end it with acid. ... your e-mail without running your own mail server and ...
    (alt.computer.security)
  • Re: snort
    ... > Is it worth paying $10,000 for source fire to make using SNORT easier? ... > Does using source fire with SNORT make SNORT a middle weight IDS solution ... If you're going to use Snort, just save your money and build your own ...
    (alt.computer.security)
  • snort
    ... Is it worth paying $10,000 for source fire to make using SNORT easier? ... Does using source fire with SNORT make SNORT a middle weight IDS solution as ...
    (alt.computer.security)