Re: IDS for old box?
From: Rowdy Yates (rowdy.yates_at_no-spam.lycos.com)
Date: 01/07/04
- Previous message: Todd H.: "Re: hardware firewall"
- In reply to: Jan Reilink: "Re: IDS for old box?"
- Next in thread: sponge: "Re: IDS for old box?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 7 Jan 2004 14:06:42 GMT
Jan Reilink <janreilink@vevida.nl> wrote in news:vvnubp5e2li324@corp.supernews.com:
> sponge wrote:
>
>> On 6 Jan 2004 13:13:24 +0100, SteveYiu@nospam.com wrote:
>>
>>>Anyone know an IDS program that will work on Win9x?
>>>I know I know all about Win9x and yes I've applied the patches and
>>>yes it's stable. I just want something extra besides my fw that will
>>>inspect packets against signatures, strings, etc.
>>
>> Snort. www.snort.org. It cannot do any kind of reactive IDS (Flexible
>> Response), to shut down connections, on Win9x. You need either an NT
>> derivative, Linux, or Unix.
>
> Trust me, one thing you don't want is an active (N)IDS [1], it just
> doesn't work! You are always behind on signatures, so the chance is
> relatively high you miss intrusions. Passive (N)IDS, like Snort, is the
> way to go.
>
> [1] An active (N)IDS will add firewall rules to block connections, for
> instance. Passive (N)IDS only logs connections for examination.
>
Interesting opinion.
-- Rowdy Yates MCSE, Security+, Linux+