Re: Need some advice on an IDS solution

From: Jim Richardson (
Date: 11/29/03

Date: Sat, 29 Nov 2003 10:04:59 -0800

Hash: SHA1

On Tue, 25 Nov 2003 20:53:25 GMT,
 Bachrach V3.1 <> wrote:
> Drew Cutter wrote:
>> Just check . Snort does run on solaris.
> What? No one likes tripwire?

I like snort and a file integrity checker, like tripwire. Together.
Neither one is a replacement for the other.

Version: GnuPG v1.2.3 (GNU/Linux)


Jim Richardson
"If you choke a smurf, what color does it turn?"

Relevant Pages

  • Re: Linux/*nix open source IDS
    ... Snort is my personal favorite. ... AFAIK Tripwire is more a "System File ... IDS" which creates a hash of files and compares to check for differences. ... sort of critiques they have received. ...
  • Re: Info HIDS
    ... Snort will provide the kind of monitoring you are asking about. ... be configured to monitor an entire network, and output logs in tcp dump, ... >configure an HIDS (tripwire) to get intrusion's information about a Web ...
  • Re: snort or tripwire, which is best?
    ... > For a relative novice using Mandriva linux, which would be better, snort ... for me to install and configure on my system? ... your network interface while tripwire scans your filesystems. ...
  • Re: snort or tripwire, which is best?
    ... >> your network interface while tripwire scans your filesystems. ... > So snort will not log or notify me if a system file is ... intruder has a chance to alter that system file. ...
  • Re: Filtering out P2P traffic
    ... You may be interesed in Snort and Snortsam ... In an educational institution I use Solaris 10 on the gateway between ... Is possible to block P2P traffic with the IPFilter included in Solaris ...