Snort mailing list archives
Re: Arguments for Snort
From: twig les <twigles () yahoo com>
Date: Mon, 10 Feb 2003 15:19:51 -0800 (PST)
I don't know much about ISS but I am evaluating my second proprietary NIDS and neither lets me look at the sigs. If ISS hides the sigs as well then I would say very mean things to the console as I tried to investigate alerts, kind of like I will do later today with our commercial NIDS. If you can't see *the actual signature* (not a description of it) then fsck it.

Also snort is so flexible that you can do anything you want with it provided you know a little unix and some scripting. I have yet to be impressed with the convoluted approach taken by the two vendors I have evaluated and their psycho GUIs from h-e-double-hockey-stick. Having to create multiple layers of objects via a GUI to assign the IP address so you can SSH in just plain sucks. And, as you pointed out, they are slooow.

Then again I hate when people try and hold my hand so I'm biased against these clunky "enterprise" contracts. Snort can scale quite nicely in the enterprise thank you kindly.

Sorry for the rant, your question hit a raw nerve.

--- tfandango <tfandango () yahoo com> wrote:
Hi All-

I work for a large company in their IDS department. There are a lot of cutbacks going on and the consensus is that we will probably drop some of our ISS licenses this year. Some of our senior members are running around complaining that we will lose IDS coverage yada yada yada. I see this as a wonderful opportunity to deploy snort boxes instead as I haven't been too fond of ISS's tools and frankly I find some of their licenses insulting. My problem is that this company is very resistant to change and especially change with open source applications (Some of our members specialize in FUD).

Just wanted to know how Snort compares to ISS on a technical standpoint. Is there really any advantage to using ISS over Snort besides the fancy and very slow GUI interfaces? I plan to present this to my manager.

Thanks...
T.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.
-----------------------------------------------------------
Current thread:
- Arguments for Snort tfandango (Feb 10)
- Re: Arguments for Snort twig les (Feb 10)
- Re: Arguments for Snort Shane Williams (Feb 11)
- Re: Arguments for Snort Paul Schmehl (Feb 11)
- Best Enterprise Snort Configuration tfandango (Feb 12)
- Re: Best Enterprise Snort Configuration Paul Schmehl (Feb 12)
- Re: Best Enterprise Snort Configuration Ken Gunderson (Feb 12)
- Re: Best Enterprise Snort Configuration twig les (Feb 12)
- Re: Best Enterprise Snort Configuration Ken Gunderson (Feb 12)
- Re: Arguments for Snort Paul Schmehl (Feb 11)
- Re: Best Enterprise Snort Configuration Saad Kadhi (Feb 12)
- Re: Best Enterprise Snort Configuration Michael Boman (Feb 12)
- Re: Best Enterprise Snort Configuration Joerg Weber (Feb 12)