IDS mailing list archives
Re: SOHO Hardware IDS
From: Mark Teicher <mteicher () comcast net>
Date: Sun, 16 Nov 2003 14:17:42 -0700
Ron,

Nice speaking to you the other day. As the previous poster pointed out, the Fortinet Fortigate appliance is a nice box. The real nice feature is the in-line Anti-Virus blocking. The IDS/IPS is mostly Sn0rt based with a few custom signatures of their own. The log output can be downloaded in .csv format or normal log format, whatever that is. The output of the logs is not in Sn0rt format, only English-like.

The notifications are still primitive as shown below:

    The following instrusion was observed: attack_id=110 src=135.122.44.141 dst=135.122.51.75 src_port=88 dst_port=1963 interface=port1 status=dropped proto=017 service=1963/udp msg="IP fragment "

    The following intrusion was observed: netbios: DCERPC ISystemActivator bind attempt[Reference: http://www.fortinet.com/ids/ID102039574] Interface-port2: TCP 135.123.23.188:2793 -> 135.122.51.75:135 .
At 07:41 AM 11/10/2003, Ron Gula wrote:

> At 02:04 PM 11/10/2003 +0100, boutros () swissonline ch wrote:
> > Hi all,
> > I am curious if there exists a SOHO-type hardware device with the functionality of the Snort IDS. I know I could build a cheap Linux box, but I am looking for something small and quieter than a PC....
> > TIA, Boutros
>
> Check out Fortinet. http://www.fortinet.com/ Their web site has much about firewalls and anti-virus, but they also have Snort embedded into their appliances. I have several Tenable customers/partners looking at them and they say the logs output pretty much the same data as the Snort Linux boxes running right next to it.
>
> Ron Gula, CTO
> Tenable Network Security
> http://www.tenablesecurity.com
> [Lightning Console - Distributed Enterprise Security Manager ]
> [NeVO Scanner - 100% Passive Vulnerability Detection ]
> [NeWT Scanner - The easy-to-use vulnerability scanner for XP ]
>
> ---------------------------------------------------------------------------
> Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 and use priority code SF4.
> ---------------------------------------------------------------------------
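As an added example (not part of the thread and not Fortinet's or Tenable's code), the following Python parser turns the two notification styles quoted in Mark's message into one common record and renders a Snort-style one-line summary, which is the usual first step when a box emits "English-like" logs that a Snort-centric console cannot ingest. The helper names (parse_fortigate_alert, to_fast_alert, _int), the field names of the record and the protocol-number table are assumptions; the two sample lines are the ones from the message above, and the rendered layout only approximates Snort's alert_fast output.

```python
import re
from typing import Optional

# The two notification lines quoted in the message above (copied from the
# page, not constructed). One carries the archive's "instrusion" typo.
SAMPLE_ALERTS = [
    'The following instrusion was observed: attack_id=110 src=135.122.44.141 '
    'dst=135.122.51.75 src_port=88 dst_port=1963 interface=port1 status=dropped '
    'proto=017 service=1963/udp msg="IP fragment "',
    'The following intrusion was observed: netbios: DCERPC ISystemActivator bind '
    'attempt[Reference: http://www.fortinet.com/ids/ID102039574] '
    'Interface-port2: TCP 135.123.23.188:2793 -> 135.122.51.75:135 .',
]

# Common lead phrase; both spellings seen in the archive are accepted.
PREFIX = re.compile(r"^The following in(?:s)?trusion was observed:\s*")
# Style 1: key=value pairs; a value may be a double-quoted string with spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Style 2: "<sig>[Reference: <url>] Interface-<if>: <PROTO> a.b.c.d:p -> e.f.g.h:q"
FLOW_RE = re.compile(
    r"^(?P<sig>.*?)\s*\[Reference:\s*(?P<ref>[^\]]+)\]\s*"
    r"Interface-(?P<iface>[^:\s]+):\s*(?P<proto>[A-Za-z]+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)"
)
# IANA protocol numbers for the values the proto= field is assumed to carry
# (assumed mapping; extend as needed).
IP_PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def _int(value: Optional[str]) -> Optional[int]:
    """Convert a numeric field to int, tolerating missing or junk values."""
    return int(value) if value is not None and value.isdigit() else None


def parse_fortigate_alert(line: str) -> Optional[dict]:
    """Normalise either notification style into one record; None if not an alert."""
    stripped = line.strip()
    body = PREFIX.sub("", stripped, count=1)
    if not body or body == stripped:
        return None  # no lead phrase: not an IDS notification line

    if "=" in body.split()[0]:
        # Style 1: flat key=value fields.
        f = {k: v.strip('"').strip() for k, v in KV_RE.findall(body)}
        proto = IP_PROTO_NAMES.get(_int(f.get("proto")))
        if proto is None and "/" in f.get("service", ""):
            proto = f["service"].rsplit("/", 1)[1].lower()  # e.g. "1963/udp"
        return {
            "signature": f.get("msg"),
            "attack_id": _int(f.get("attack_id")),
            "reference": None,
            "interface": f.get("interface"),
            "action": f.get("status"),
            "proto": proto,
            "src": f.get("src"), "src_port": _int(f.get("src_port")),
            "dst": f.get("dst"), "dst_port": _int(f.get("dst_port")),
        }

    # Style 2: free-text signature followed by a reference URL and a flow tuple.
    m = FLOW_RE.match(body)
    if not m:
        return None
    return {
        "signature": m["sig"].strip(),
        "attack_id": None,
        "reference": m["ref"].strip(),
        "interface": m["iface"],
        "action": None,  # this style does not say whether the packet was dropped
        "proto": m["proto"].lower(),
        "src": m["src"], "src_port": int(m["sport"]),
        "dst": m["dst"], "dst_port": int(m["dport"]),
    }


def to_fast_alert(rec: dict) -> str:
    """Render a record as a one-line summary modelled on Snort's alert_fast
    layout (an approximation, not a byte-exact reproduction)."""
    action = f" [{rec['action']}]" if rec.get("action") else ""
    return (f"[**] {rec['signature']} [**]{action} "
            f"{{{rec['proto']}}} {rec['src']}:{rec['src_port']} -> "
            f"{rec['dst']}:{rec['dst_port']}")


if __name__ == "__main__":
    for line in SAMPLE_ALERTS:
        rec = parse_fortigate_alert(line)
        print(to_fast_alert(rec) if rec else f"unparsed: {line}")
```

The second style carries no drop/pass status, so a downstream console should treat "action: None" as unknown rather than as a pass; the first style's numeric proto= field is cross-checked against the service= suffix so a value outside the small protocol table still yields a name.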
Current thread:
- SOHO Hardware IDS boutros (Nov 10)
- Re: SOHO Hardware IDS Ron Gula (Nov 10)
- Message not available
- Re: SOHO Hardware IDS Jerry Dixon (Nov 10)
- Message not available
- Re: SOHO Hardware IDS Ron Gula (Nov 10)
- Re: SOHO Hardware IDS Pauli (Nov 12)
- Re: SOHO Hardware IDS Mark Teicher (Nov 17)
- Re: SOHO Hardware IDS Pauli (Nov 21)
- Re: SOHO Hardware IDS Mark Teicher (Nov 17)
- Re: SOHO Hardware IDS Steffen Kluge (Nov 12)
- Message not available
- Re: SOHO Hardware IDS Mark Teicher (Nov 17)
- <Possible follow-ups>
- RE: SOHO Hardware IDS PPowenski (Nov 10)
- Re: SOHO Hardware IDS Jason Wieland (Nov 10)
- Re: SOHO Hardware IDS Mark Teicher (Nov 17)
- Re: SOHO Hardware IDS dr . kaos (Nov 13)
- RE: SOHO Hardware IDS JAVIER OTERO (Nov 17)