Snort mailing list archives

RE: how to handle this problem


From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Thu, 20 May 2004 15:27:08 +0100



--On 20 May 2004 16:17 +0200 derk van de Velde <derk () pcvisie nl> wrote:

hi,

i installed snort because some weeks ago, one machine inside our network
attacked a lot of machines outside. so we were blocked by my isp.
i think snort is a good product to signal these attacks, is that correct?

With a bit of luck, yes.

because sometimes i get many alerts a day, is snortalog a good way to track
them?
is there a better way to find (fast) the real severe alerts?

I think ACID is pretty good. Though, as with any NIDS, you'll need to tune Snort's rules for your environment. If you don't tune your NIDS, it'll probably generate too much data for you to effectively analyse, and it'll sit gathering dust in the corner of your machine room.

thanks and regards,
derk

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9



