Snort question
jay
jay at musubi.org
Mon May 14 04:08:16 PDT 2001
i use snort as an IDS. as long as i keep my rules up to date,
it lets me know not only that someone's attacking me, but exactly
what kind of attack. the version i'm running is a bit old, so they've
add some new features since then like realtime alerting and syn/stealthscan
detection.
it's really quite flexible and thus useful for lots of different tasks.
check out this doc for some of the more common implementations:
http://www.snort.org/lisapaper.txt
how does it make my life easier? i don't think it does. if i used it
at work for a client i'd probably use the logs to justify getting paid
every week. usually tho, clients will opt for expensive commercial
products with fancy GUIs. i mostly use it at home to find rootshells on
servers that are used to attack my network.
=jay
On Sun, 13 May 2001, Ben Beeson wrote:
> Aloha all,
>
> Does anyone have any experience using Snort? If so, how do you use it
> and how does it make your life easier?
>
> Thanks,
> Ben Beeson
More information about the LUAU
mailing list