Snort mailing list archives
Re: Is snort an over kill just for apache?
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 24 Aug 2005 12:07:03 -0400
Pigeon wrote:
I have a server that just does sshd and apache + apache SSL. Apache mainly serves files. I was wondering if there will be any major benefit in using snort over just sifting through the logs with a script and cron.
Sifting the logs won't tell you if someone sent a malformed packet to SSHD, attempting to exploit it. Ideally you want to do both. The logs will tell you all the things that apache and sshd believe they legitamately granted access to. Logs will also tell you about most legitamate requests which were denied. Logs won't tell you about all portscans, malformed packets, etc. That's where snort can help. ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort & ACID Lean Cornelius (Aug 15)
- RE: Snort & ACID M. Shirk (Aug 15)
- RE: Snort & ACID Lean Cornelius (Aug 15)
- Is snort an over kill just for apache? Pigeon (Aug 23)
- Re: Is snort an over kill just for apache? Matt Kettler (Aug 24)
- <Possible follow-ups>
- RE: Snort & ACID Willy, Andrew (Aug 15)
- RE: Snort & ACID M. Shirk (Aug 15)