Snort mailing list archives
Re: Use Snort to document usage?
From: Madhav Diwan <mdiwan () wagweb com>
Date: Sun, 14 Oct 2001 22:38:48 -0400
Interesting idea .. but I would leave the Snort IDS to run IDS detection.. you could conceivably create rules that log source and destination activity to and from a particular IP or IP-range in snort.. BUT, why bother when a tool such as ntop already does all this and more .. my suggestion: try ntop to monitor the traffic stats.. and create general policy based on its results: that's what it was made for. then use snort to fine tune your firewall.. THAT is a very good reason to use an IDS.

Madhav Diwan

Rich Adamson wrote:
I'm looking for a realistic way to identify communications to/from a small set of systems that share a single ethernet segment, and use that usage data to install/configure a firewall. These critical systems will be isolated behind a firewall, however before installing the firewall I'd like to identify/document all current activity and configure the initial firewall rules to support appropriate usage. The systems are AIX, X11, IP, etc. I can certainly use Sniffers to monitor activity over some lengthy period of time, however I'm wondering if snort might be able to accomplish the task in some manner. Thoughts???

Rich

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
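The step both posts point at, turning observed traffic into an initial firewall policy, is sketched below as an added example that is not part of either message and is not Snort or ntop code. It assumes flow records have been exported as plain text in a constructed `PROTO src:sport -> dst:dport` format, that the protected segment is `10.1.2.0/24`, and it emits generic pseudo-rules rather than any firewall product's syntax.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample records in an assumed export format; not real traffic.
SAMPLE = """\
TCP 10.1.1.50:40112 -> 10.1.2.10:6000
TCP 10.1.2.10:6000 -> 10.1.1.50:40112
TCP 10.1.1.51:40990 -> 10.1.2.10:6000
TCP 10.1.1.50:41200 -> 10.1.2.11:23
UDP 10.1.2.11:32771 -> 10.1.1.5:53
UDP 10.1.1.5:53 -> 10.1.2.11:32771
TCP 10.1.9.9:1234 -> 10.1.8.8:80
garbage line
"""

REC = re.compile(r"^(TCP|UDP) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")


def summarize(text, protected_cidr):
    """Collapse both directions of a conversation into one service key."""
    net = ipaddress.ip_network(protected_cidr)
    seen = Counter()
    for line in text.splitlines():
        m = REC.match(line.strip())
        if not m:
            continue  # ignore anything that is not a well-formed record
        proto, src, sport, dst, dport = m.groups()
        sport, dport = int(sport), int(dport)
        # Heuristic: the lower port is the service side; ties go to the destination.
        if sport < dport:
            client, server, port = dst, src, sport
        else:
            client, server, port = src, dst, dport
        try:
            server_inside = ipaddress.ip_address(server) in net
            client_inside = ipaddress.ip_address(client) in net
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        if server_inside:
            direction = "in"    # something reaches a service on a protected host
        elif client_inside:
            direction = "out"   # a protected host uses an outside service
        else:
            continue            # traffic that never touches the protected segment
        seen[(direction, proto.lower(), client, server, port)] += 1
    return seen


def candidate_rules(seen):
    """Render one pseudo-rule per observed service, with its record count."""
    return [f"allow {d} {p} {c} -> {s}:{port}  # {n} records"
            for (d, p, c, s, port), n in sorted(seen.items())]
```

Each candidate rule is a starting point for review: a service seen during the capture window is not necessarily one that should be permitted, and anything that did not occur in the window will be missing.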
Current thread:
- Use Snort to document usage? Rich Adamson (Oct 14)
- Re: Use Snort to document usage? Madhav Diwan (Oct 14)