Re: Need some advice on an IDS solution

From: Jim Richardson (warlock_at_eskimo.com)
Date: 11/29/03


Date: Sat, 29 Nov 2003 10:04:59 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 25 Nov 2003 20:53:25 GMT,
 Bachrach V3.1 <looker@vxexrxixzxoxnx.net> wrote:
> Drew Cutter wrote:
>
>> Just check snort.org. Snort does run on Solaris.
>
> What? No one likes tripwire?

I like snort and a file integrity checker, like tripwire. Together.
Neither one is a replacement for the other.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/yN/Ld90bcYOAWPYRAnm0AJ9t01onHz/iIOpPNXUJKL/UTyfGMgCgr/tB
8HHjnNz38R67qqSmD6z+Ea4=
=qnvQ
-----END PGP SIGNATURE-----

-- 
Jim Richardson     http://www.eskimo.com/~warlock
"If you choke a smurf, what color does it turn?"

