Re: Use Snort to document usage?

[Madhav Diwan <mdiwan () wagweb com>]

 Interesting idea .. but i would leave the  Snort IDS to run
IDS detection..

 you could concievably  create rules that log source and destination
activity  to and from  a particutar IP or IP-range in snort..  BUT , why
bother when a tool such as ntop already does all this and more ..

my suggestion:

try ntop to monitor the traffic stats.. and create  general policy based
on its results :   thats what it was made for.

then use snort to fine tune your firewall.. THAT is a very good reason
to use an IDS.


Madhav Diwan



Rich Adamson wrote:

> I'm looking for a realistic way to identify communications to/from
> a small set of systems that share a single ethernet segment, and use
> that useage data to install/configure a firewall.  These critical
> systems will be isolated behind a firewall, however before installing
> the firewall I'd like to identify/document all current activity and
> configure the initial firewalls rules to support appropriate usage.
> The systems are AIX, X11, IP, etc.
>
> I can certainly use Sniffers to monitor acitivity over some lengthy
> period of time, however I'm wondering if snort might be able to
> accomplish the task in some manner.
>
> Thoughts???
>
> Rich
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users