Re: [Snort-users] A few questions

From: Matt Kettler (mkettlerevi-inc.com)
Date: Tue Sep 14 2004 - 19:08:20 CDT


At 05:36 PM 9/14/2004, Newbie wrote:
>I am not on a network, I simply have my PC and router as a home
>configuration. However I get a lot of false negatives where the error
>relates to my router. How can I configure HOME_NET to therefore include
>any IPs that begin with 123.123 etc? Currently it is setup IP/32 – what
>would the new one be?

         123.123.0.0/16 (contains 123.123.0.0 through 123.123.255.255)

Also for completeness should you need a smaller range at some point:

         123.123.123.0/24 (contains 123.123.123.0 through 123.123.123.255)

>Secondly, because I am using a home PC/router, I am not sure the
>flow:to_server is relevant for me. These commands also include major
>anti-trojan rules which don’t seem to therefore work for my PC setup. Can
>I simply remove these commands if I am not on a server?

Some of them are relevant. In this context "server" refers to the system
which answered a TCP connection request, not something running on a
"server" version of Windows, etc.

A backdoor installed on your machine could appear as a "server" in this
context.

However, if you aren't running any DNS servers, webservers, etc., you can,
and probably should, trim down which .rules files you are using.

>And finally – a more simple question, apart from a Snort equivalent with
>some more graphs, what more security features do all these wiz-bang
>systems you pay thousands for actually include?

800-number technical support contracts, known good hardware, preconfigured,
prehardened, etc. Some have different approaches to processing packets
with various advantages and drawbacks, but at a high-level view they are
quite similar.

On some level it's a bit like asking what the difference between a Linux
box with a good IPTables config and a couple of NICs and a Cisco PIX is.
Both serve the same functions, but you can spend a lot of time setting up
the Linux box to get it right.

Also having a support contract where they can request a replacement unit
with 24-hour delivery is reassuring in a business environment where
downtime costs, although this is more relevant to routers/firewalls than IDSs.
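A small Python helper, added here and not part of the original thread, that shows how the CIDR ranges quoted in the reply are computed and how a Snort-style HOME_NET value (a single block, a bracketed list, or `!`-negated entries) resolves a given address. The negation semantics are my approximation of Snort's, not taken from the Snort source.

```python
import ipaddress


def cidr_range(cidr):
    """Return (first, last) address of a CIDR block, matching the
    '123.123.0.0/16 (contains 123.123.0.0 through 123.123.255.255)'
    form used in the reply."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address)


def parse_snort_iplist(value):
    """Parse a Snort IP-variable value such as '123.123.0.0/16',
    '[123.123.0.0/16,!123.123.5.0/24]' or 'any'.
    Returns a list of (network, negated) tuples."""
    value = value.strip()
    if value == "any":
        return [(ipaddress.ip_network("0.0.0.0/0"), False)]
    if value.startswith("[") and value.endswith("]"):
        value = value[1:-1]
    entries = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        negated = item.startswith("!")
        if negated:
            item = item[1:]
        # A bare host such as 123.123.123.1 is treated as /32
        entries.append((ipaddress.ip_network(item, strict=False), negated))
    return entries


def in_home_net(ip, entries):
    """True if ip falls inside a listed block and not inside a negated one.
    Assumption (mine, not Snort's documented rule): a list made up only of
    negated entries matches everything that is not negated."""
    addr = ipaddress.ip_address(ip)
    positives = [n for n, neg in entries if not neg]
    negatives = [n for n, neg in entries if neg]
    if any(addr in n for n in negatives):
        return False
    if not positives:
        return True
    return any(addr in n for n in positives)
```

With `var HOME_NET 123.123.0.0/16` in snort.conf, `in_home_net("123.123.200.1", parse_snort_iplist("123.123.0.0/16"))` is True, whereas the original `/32` setting matches only the single host.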
