Snort mailing list archives

Re: Thoughts on internal vs. external IDS rulesets

From: Steve Ochani <jpegny () optonline net>
Date: Wed, 10 Apr 2002 12:14:28 -0400

On 10 Apr 2002 at 10:43, Chris Eidem wrote:

What do y'all look for running around in your network?  Virii?  PtP
programs?  Outbound unauthorized connections?  Anything I haven't
mentioned?


Besides what you mentioned I also look for the common exploits and am trying to set up
portscan detection from servers being used by students.



«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»
"Players only love you when they're playing"
--FleetWood Mac


Steve O.
Physical Sciences Dept. Network Admin

See updated NCC weather conditions at
http://wr.psi.ncc.edu/~data

http://www.ncc.edu/dptpages/physci/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Thoughts on internal vs. external IDS rulesets Chris Eidem (Apr 10)
- Re: Thoughts on internal vs. external IDS rulesets Steve Ochani (Apr 10)
- <Possible follow-ups>
- RE: Thoughts on internal vs. external IDS rulesets Chris Eidem (Apr 10)
- RE: Thoughts on internal vs. external IDS rulesets Sheahan, Paul (PCLN-NW) (Apr 10)
  - RE: Thoughts on internal vs. external IDS rulesets Alwin Raymundo (Apr 11)
- RE: Thoughts on internal vs. external IDS rulesets Sheahan, Paul (PCLN-NW) (Apr 11)