Snort question

Ben Beeson beesond001 at hawaii.rr.com
Tue May 15 00:10:19 PDT 2001


Jay,

	Interesting read....  This sounds like a pretty good tool.  This leads
me to ask a few other questions.  

		1.  How difficult is it to get snort to coexist with other
logging apps? By this I mean, I already run a firewall and a port monitoring
program.  The port monitoring program may not be as good as snort at
identifying the kind of attack, but it does catch the common ones and then add
a firewall rule to block the offending source IP address when I get scanned. 
Would this cause a problem with snort as far as you can tell?

		2.  Can you use snort to drive your firewall automatically?

		3.  Does snort automatically produce log analysis, or do you
need another tool to do this with?  I'm not very good at log analysis other
than very obvious things such as: "ATTACK ALERT"  or "DENY" etc.  Even after
using Linux on the net for upwards of 3 years now,  I tend to trust my firewall
a little more than I should because I do not know all the intricate details of
TCP/IP packets and how they are doctored during attacks.  I'm still learning,
but I feel blissfully ignorant sometimes...

I apologize if these questions are a little detailed, but I am seriously
considering installing it, and I thought a little learning up front may help me
get better mileage.  

Thanks in advance for your help, 

Ben 


On Mon, 14 May 2001, you wrote:
> i use snort as an IDS.  as long as i keep my rules up to date,
> it lets me know not only that someone's attacking me, but exactly
> what kind of attack.  the version i'm running is a bit old, so they've
> added some new features since then like realtime alerting and syn/stealthscan
> detection.
> 
> it's really quite flexible and thus useful for lots of different tasks.
> check out this doc for some of the more common implementations:
> http://www.snort.org/lisapaper.txt
> 
> how does it make my life easier?  i don't think it does.  if i used it
> at work for a client i'd probably use the logs to justify getting paid
> every week.  usually tho, clients will opt for expensive commercial
> products with fancy GUIs.  i mostly use it at home to find rootshells on
> servers that are used to attack my network.
> 
> =jay
> 
> 
> On Sun, 13 May 2001, Ben Beeson wrote:
> 
> > Aloha all,
> >
> > 	Does anyone have any experience using Snort? If so, how do you use it
> > and how does it make your life easier?
> >
> > Thanks,
> > Ben Beeson
> 
> 



More information about the LUAU mailing list