Snort mailing list archives
RE: ntop
From: Fraser Hugh <hugh_fraser () dofasco ca>
Date: Wed, 26 Sep 2001 11:58:15 -0400
ntop does indeed have some IDS capabilities, but in keeping with ntop's strength as a network protocol monitoring tool (rather than packet payload), the rules address protocol errors (like SYN packets that aren't ACK'ed within a reasonable time frame). There is some overlap with what Snort does in this area, but it's not a replacement.

I use ntop to watch for longer term trends, i.e. to look at protocol distributions through our firewall, since it's a very good visualization tool. But to do the automated monitoring of traffic, I use a combination of Snort as an IDS, MRTG to watch traffic trends (i.e. put thresholds on throughput), and Netsaint to watch MRTG and do the alerting.

-----Original Message-----
From: Florin Andrei [mailto:florin () sgi com]
Sent: Tuesday, September 25, 2001 8:25 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] ntop

On Tue, 2001-09-25 at 15:25, Robert van der Meulen wrote:
'ntop' is a network statistics gatherer:

Yes, that was my first impression too, but if you go to www.ntop.org, click on Docs and take a look at the second document from Papers/Articles ( http://jake.unipi.it/~deri/ntop_IEEE.pdf.gz ) you will see things like "portscan detection, spoofing detection, spy detection, trojan horse detection, denial of service", etc.

Like I said, I have a feeling that it's got only very superficial IDS capabilities, but I cannot vouch for that since I don't have first hand experience with ntop.

--
Florin Andrei

"Our mail system is MS Exchange-Me-For-A-Real-Mailer-Please" - an unhappy sysadmin

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users