Full Disclosure mailing list archives

Re: Snort as IDS/IPS in mission-critical enterprise network


From: Michael Holstein <michael.holstein () csuohio edu>
Date: Fri, 09 Dec 2005 09:18:54 -0500

If any of you can name any big network which is using Snort as an example, it will be very helpful.

/16 on a DS-3 here. Snort on a P4 3.2GHz box, with a fairly large ruleset (not the whole thing, but all the VRT ones, plus a bunch of bleeding ones, plus a bunch of overrides).

I have it configured to automatically shut down infected ports (not something it does natively .. a lot of Perl + MySQL + pixie dust).

Rock solid. Thanks Marty :)

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

