Snort mailing list archives
Re: Beginner w/ IDS and snort
From: Wesley Eddy <weddy () masaka cs ohiou edu>
Date: Thu, 23 Aug 2001 14:43:32 -0400
On Thu, Aug 23, 2001 at 11:02:49AM -0700, Snail945 wrote:
> I'm thinking about using either a Linux/SNORT/DEMARC solution or a Windows 2000/SNORT solution for the IDS. I come from many years of administering Windows based systems and am very comfortable administering and securing them, but am sorta a "beginner to intermediate" with Linux and Unix. That said, I'm very much open to building this IDS on the "ideal platform" and doing whatever research and testing is required to make it successful. I'm comfortable with cli, but regardless of platform, I'd like to have a front-end that provides meaningful "quick-glance" information, and a way to sort through all the data.
I guess I would recommend Linux, not because it's free, but because so many great tools exist for dealing with logs and responding to alerts on Unix-like operating systems, and Linux support tends to be a bit better than it is for say Solaris x86 or NetBSD simply because more people run it.

Personally, I wouldn't even consider the Windows "solution". It has always amazed me that not only has snort (and many other such programs for that matter) been ported to Windows, but that there actually exists a userbase for it on that platform. This puzzles me to no end. To be perfectly frank, the very idea of running an IDS on a non-Unix-like operating system is laughable at the present time. Of course, anyone administering Windows platforms has a lot more need for a good IDS with things like CodeRed running around, but when your IDS box gets cracked, I assume it's rather embarrassing, so why not go with a real operating system for the sensor? Perhaps I'm missing something or am just a cranky old fart, but I'd really like to know why there exists a desire to run snort on Windows. Could someone please enlighten me?
> Do You Yahoo!?

No.

-Wes
--
"I can't see too well, what's it all about? I don't know man, did you poke your eyes out?"
-Angry Samoans, "Lights Out"
Current thread:
- Beginner w/ IDS and snort Snail945 (Aug 23)
- Re: Beginner w/ IDS and snort Wesley Eddy (Aug 23)
- Re: Beginner w/ IDS and snort Mark Rowlands (Aug 24)
- Re: Beginner w/ IDS and snort Erek Adams (Aug 23)
- Re: Beginner w/ IDS and snort JP (Aug 23)
- Re: Beginner w/ IDS and snort Snail945 (Aug 23)
- Re: Beginner w/ IDS and snort Daniel Voyer (Aug 24)
- <Possible follow-ups>
- RE: Beginner w/ IDS and snort Steve Halligan (Aug 23)
- Re: Beginner w/ IDS and snort Wesley Eddy (Aug 23)