Snort mailing list archives
Re: questions hids & nids
From: "Jason Robertson" <jason () ifuture com>
Date: Wed, 12 Dec 2001 17:32:14 -0500
On 12 Dec 2001 at 15:33, Ronneil Camara wrote:
Hi guys, I've got some questions here: 1. Why would I need nids if I already have hids installed on every machine?
It is always useful, a HIDS, like tripwire, only tells you if a machine is compromised, but as well this can be faked or corrupted, but this will not tell you for example if you are getting unusual packets, or something that might not be logged. Or how about receiving packets to a non-logged port. Also remember if they gain root access they could update the database for tripwire.
2. What about performace issues of snort, how does snort cope up with network traffic? How does it perform on 100mbps? Does it have something to do with NICs?
Really based on the computer it's on, and the NIC's you are running, the 3com cards, if I am correct, do have a bug in which some packets can be dropped. (interupt problem, any one found a good fix for this yet?)
3. Is it possible for snort to log to a remote syslog server? If so, what entry in snort.conf would it be? Has anyone configured his snort to log to cisco cvwms?
Yeah just add the forwarding to syslog.conf @host should do it -- Jason Robertson Network/Security Analyst jason () ifuture com http://www.ifuture.com, http://www.astroadvice.com, http://www.astroeast.com Also if you are looking for an employee, I may be available soon, so feel free to contact me for my resume. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- questions hids & nids Ronneil Camara (Dec 12)
- Re: questions hids & nids Jason Robertson (Dec 12)
- Re: questions hids & nids Chris Green (Dec 12)
- <Possible follow-ups>
- RE: questions hids & nids Michael Aylor (Dec 12)