Re: IDS for old box?
From: Jan Reilink (janreilink_at_vevida.nl)
Date: 01/07/04
- Next message: Security Alert: "SSRT4681 Apache 1.3.29 web server on VVOS"
- Previous message: Rowdy Yates: "Re: IDS for old box?"
- In reply to: sponge: "Re: IDS for old box?"
- Next in thread: Rowdy Yates: "Re: IDS for old box?"
- Reply: Rowdy Yates: "Re: IDS for old box?"
- Reply: sponge: "Re: IDS for old box?"
Date: Wed, 07 Jan 2004 13:21:35 +0100
sponge wrote:
> On 6 Jan 2004 13:13:24 +0100, SteveYiu@nospam.com wrote:
>
>>Anyone know an IDS program that will work on Win9x?
>>I know I know all about Win9x and yes I've applied the patches and
>>yes it's stable. I just want something extra besides my fw that will
>>inspect packets against signatures, strings, etc.
>
> Snort. www.snort.org. It cannot do any kind of reactive IDS (Flexible
> Response), to shut down connections, on Win9x. You need either an NT
> derivative, Linux, or Unix.
Trust me, one thing you don't want is an active (N)IDS [1], it just
doesn't work! You are always behind on signatures, so the chance is
relatively high you miss intrusions. Passive (N)IDS, like Snort, is the
way to go.
[1] An active (N)IDS will add firewall rules to block connections, for
instance. Passive (N)IDS only logs connections for examination.
-- Met vriendelijke groet / Best regards, Jan Reilink, VEVIDA Nederland BV Postbus 329, 9700 AH GRONINGEN, +31(0)50 - 5492234