clarifying use of snort [was - Re: security in general]

To: kjfsgjks ksjgkfhfd <tubster85@hotmail.com>
Cc: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: clarifying use of snort [was - Re: security in general]
From: "Robert L. Yelvington" <robert@sciresearch.com>
Date: Wed, 30 May 2001 09:02:23 -0800
Message-id: <3B15279E.84C957BB@sciresearch.com>
Reply-to: robert@sciresearch.com
References: <F78gghTGQMRU9sMEUAM00017d58@hotmail.com>

> >Sounds like you've almost everything covered. About the only things I
> >could recommend would be to run nessus against yourself and install
> >snort in IDS mode.
> I could try that, I'd have to look up some info on the program. I assume
> nessus checks for known vulnerabilities? Sounds ok, never hurts.
> As for snort in IDS mode, snort is like tripwire right? Hmm that means
> someone is already inside the system and it's too late already..
> Will have to read up on it tho :)

snort is not like tripwire, snort is a network tool.
it can be set up to monitor network activity from an external machine,
as an IDS it matches tcp packet content against known intrusion packet
content via customizeable rules.  check out http://www.snort.org and http://www.whitehats.com

~tks,robt

Reply to:

References:
- Re: security in general
  - From: "kjfsgjks ksjgkfhfd" <tubster85@hotmail.com>

Prev by Date: Re: root fs/crypted
Next by Date: Re: root fs/crypted
Previous by thread: Re: security in general
Next by thread: Re: security in general
Index(es):
- Date
- Thread