rgulaNETWORK-DEFENSE.COM

• Next message: Yoann LeCorvic: "Re: Intrusion Detection Logfile Software"
• Previous message: Jason Tackaberry: "Re: Intrusion Detection Logfile Software"
• In reply to: Jason Tackaberry: "Re: Intrusion Detection Logfile Software"
• Next in thread: Elliot Turner: "Re: Intrusion Detection Logfile Software"
• Next in thread: Yoann LeCorvic: "Re: Intrusion Detection Logfile Software"
• Reply: Ron Gula: "Re: Intrusion Detection Logfile Software"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 06:43 PM 10/10/00 -0400, you wrote:
>> If your pocketbook is thin, you can go for the obvious no-cost solution of
>> Snort+aracNIDS?
>
>What reasons would there be _not_ to go with this solution?

These reasons could depend on the network technology involved.

Snort is a great open-source Network IDS. What the original question
was though was for a web log and firewall log monitor. Run a web-SSL
attack and most NIDS don't report anything. Place the firewall in front
of the NIDS and the NIDS may not see port scans. If you have a Nokia
firewall with a built in CSU/DSU T1 interface, then you may not get
the chance to put a NIDS in front of the firewall.

Ron Gula
VP IDS Products
Enterasys Networks
http://www.enterasys.com
http://www.securitywizards.com

• Next message: Yoann LeCorvic: "Re: Intrusion Detection Logfile Software"
• Previous message: Jason Tackaberry: "Re: Intrusion Detection Logfile Software"
• In reply to: Jason Tackaberry: "Re: Intrusion Detection Logfile Software"
• Next in thread: Elliot Turner: "Re: Intrusion Detection Logfile Software"
• Next in thread: Yoann LeCorvic: "Re: Intrusion Detection Logfile Software"
• Reply: Ron Gula: "Re: Intrusion Detection Logfile Software"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]