Dear Raju,

That's what I like about snort - it can be scaled down from being a NIDS to a HIDS, and it can be run either as a logger like iplog or as a dynamic firewall like portsentry, or both. Can detect all the common attacks like scans, smurfs, floods etc. Seems to have a far more configurable/powerful signature matching syntax than other things out there.

It is basically an IDS/dynamic firewall in one package - kinda like iplog and portsentry combined, which can be deployed over the entire network [would have to be on the firewall box, or connected to the snoop port if you just want logging] or just a single host. Now, I am sure that you can get iplog and/or portsentry to do the same by fancy hacks, but that's another discussion.

My problem is this - snort seems to have the goods, but does it deliver? Does it accurately detect attacks, does it report too many false attacks, does it just die out under heavy load?

Regards,
-Varun
--
Mindframe Software & Services Pvt. Ltd., A-50, Sector-39, NOIDA, U.P. - 201301, India
http://www.mindsw.com

> Hi Varun,
>
> Snort, iplog and portsentry are different tools for different purposes:
>
> - Snort: full-blown network IDS. Snoops packets on the ethernet and
>   takes actions if it finds packets matching user-specified rules.
>   Actions could include logging the connection, alerting an
>   administrator, resetting the connection, etc.
>
> - Iplog: Only an IP packet logger for a single host. Does not do
>   anything except logging. Is smart, so stops logging if it detects a
>   flood.
>
> - Portsentry: Watches specific ports on your (single) server and takes
>   appropriate action if activity is detected on them. Usually used to
>   block hosts which try to hit unauthorised ports (e.g. 31337, 139,
>   etc).
>
> Hope that makes things clearer.
>
> Regards,
>
> -- Raju
>
>>>>>> "Varun" == Varun Varma <[EMAIL PROTECTED]> writes:
>
> Varun> Hi! Snort is a tool (http://www.snort.org) that provides
> Varun> IDS functionality, pretty much like iplog. This seems a bit
> Varun> fancier though - experimental built-in route deletion
> Varun> etc. Claim to fame - made it to a Gartner Group report on
> Varun> IDSs, along with Cisco et al. You can see the link to the
> Varun> report somewhere near the bottom of the homepage.
>
> Varun> Anyone tried it? How does it stack up against iplog and/or
> Varun> portsentry?
>
> --
> Raju Mathur    [EMAIL PROTECTED]    http://kandalaya.org/
>                It is the mind that moves
>
> ================================================
> To subscribe, send email to [EMAIL PROTECTED] with subscribe in
> subject header
> To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in
> subject header
> Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org
> =================================================
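The three rule actions Raju describes for Snort (log the connection, alert an administrator, reset the connection) written out in Snort's rule syntax, as an added illustration that is not part of the thread. It assumes Snort 2.x-era syntax, HOME_NET/EXTERNAL_NET variables defined in snort.conf, and a build with flexresp enabled for the resp keyword; the ports are the ones Raju mentions.

```snort
# Added example (not from the thread): one rule per action Raju lists.
# Assumed network definitions; adjust to the monitored segment.
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET

# 1. Log only (iplog-style): write ICMP echo requests to the log
#    directory without raising an alert. itype:8 is ICMP echo request.
log icmp $EXTERNAL_NET any -> $HOME_NET any \
    (msg:"ICMP echo request logged"; itype:8; sid:1000001; rev:1;)

# 2. Alert: flag a TCP connection attempt (SYN) to 31337, one of the
#    ports Raju names. The alert goes to the alert facility and the
#    packet is also logged. Note this fires on every SYN to the port,
#    open or not, which is where false positives come from if the port
#    is in legitimate use.
alert tcp $EXTERNAL_NET any -> $HOME_NET 31337 \
    (msg:"Connection attempt to port 31337"; flags:S; sid:1000002; rev:1;)

# 3. Alert and reset (portsentry-style active response): tear down
#    outside attempts to reach NetBIOS session port 139. resp:rst_all
#    sends TCP RST to both ends; it is only accepted by a Snort built
#    with --enable-flexresp, otherwise the rule fails to load at start-up.
alert tcp $EXTERNAL_NET any -> $HOME_NET 139 \
    (msg:"NetBIOS 139 from outside, reset"; flags:S; resp:rst_all; sid:1000003; rev:1;)
```

Rules with sid values from 1000000 upward are the range reserved for local rules, so they will not collide with the distributed rule set.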