|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Frank Knobbe (fknobbe_at_knobbeits.com)
Date: Mon Dec 02 2002 - 11:32:09 CST
On Mon, 2002-12-02 at 11:20, L. Christopher Luther wrote:
> Always an option, but then again, that's what the portscan plugin is
> for. Why reinvent the wheel? Better have the portscan plugin
> normalized to produce consistent output.
I would call it reinventing the wheel if it were redundant. In my
opinion, it is not, because the approach is different. Using rules over
the port scan plugin give you finer control.
It also makes you having to learn your network layout, which is always a
plus :) I see too many folks deploying Snort that don't know what their
network looks like. You really need to get a handle on your network
first before you deploy an IDS. The argument that the IDS is there so
you don't have to know whats behind your network, is imho flawed.
Maybe I just love to use customized rules... :)
Frank
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iQCVAwUAPeuZGL+0ijK5TGa5AQKn8gP9HsnEG5fc8m0aAsZ9E3Y2y23VMSB8WhIo
e2k6wC/fTGZ/TJlrKWhigunpKkMRtuAjxY+2eqaOBnciJ79y1QY6QNVwpHJcMUTY
xh+6lQMzTBtYwxkaznzTV0xy64MLPs45BDHIilpJKHJFTCqrqLHcyDRSlKNIel9J
UEoz0lFnN9w=
=SmuM
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]