Re: snort

From: John (jwholmes_at_muskyscent.net)
Date: 01/08/04


Date: Thu, 08 Jan 2004 03:00:12 GMT

On Wed, 07 Jan 2004 09:39:19 -0500, Dan wrote:

> Is it worth paying $10,000 for Sourcefire to make using SNORT easier?
> Does using Sourcefire with SNORT make SNORT a middleweight IDS solution as
> opposed to a lightweight?
>
> http://www.insecure.org/tools2000.html
>
> _Or_ is it worth the time and energy to write your own scripts and updates?

  You may be confused about "lightweight IDS". The term refers to the
adaptability/flexibility of the program, not its capability.

  In other words, snort runs on multiple platforms, is relatively easy to
set up and doesn't require lots of power from the host system.

  Can't speak for the price you quote but Sourcefire sells hardware
solutions using snort plus technical support. You can roll your own rather
easily if you have someone available with good network/security skills.
Updated signatures are available from a variety of sources; you can also
create or modify existing signatures, unlike many proprietary IDS systems.


