Snort mailing list archives

Re: Arguments for Snort


From: twig les <twigles () yahoo com>
Date: Mon, 10 Feb 2003 15:19:51 -0800 (PST)

I don't know much about ISS but I am evaluating my second
proprietary NIDS and neither lets me look at the sigs.  If ISS
hides the sigs as well then I would say very mean things to the
console as I tried to investigate alerts, kind of like I will do
later today with our commercial NIDS.  If you can't see *the
actual signature* (not a description of it) then fsck it.

Also Snort is so flexible that you can do anything you want with
it provided you know a little Unix and some scripting.  I have
yet to be impressed with the convoluted approach taken by the
two vendors I have evaluated and their psycho GUIs from
h-e-double-hockey-stick.  Having to create multiple layers of
objects via a GUI to assign the IP address so you can SSH in
just plain sucks.  And, as you pointed out, they are slooow.

Then again I hate when people try and hold my hand so I'm biased
against these clunky "enterprise" contracts.  Snort can scale
quite nicely in the enterprise thank you kindly.  Sorry for the
rant, your question hit a raw nerve.

--- tfandango <tfandango () yahoo com> wrote:
Hi All-

I work for a large company in their IDS department. 
There are a lot of cutbacks going on and the consensus
is that we will probably drop some of our ISS licenses
this year.  Some of our senior members are running
around complaining that we will lose IDS coverage yada
yada yada.

I see this as a wonderful opportunity to deploy Snort
boxes instead as I haven't been too fond of ISS's
tools and frankly I find some of their licenses
insulting.

My problem is that this company is very resistant to
change and especially change with open source
applications (Some of our members specialize in FUD). 
Just wanted to know how Snort compares to ISS from a
technical standpoint.  Is there really any advantage
to using ISS over Snort besides the fancy and very
slow GUI interfaces?  I plan to present this to my
manager.

Thanks...
T.

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something
2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------
