Snort mailing list archives
Re: fragroute vs. snort: the tempest in a teacup
From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 19 Apr 2002 16:01:21 -0400
In message <200204182210.IAA10429 () caligula anu edu au>, Darren Reed writes:
IMHO it makes little sense for an IDS to be *behind* a firewall as it's going to miss out on lots of useful data points.
The question to answer is what the purpose is of your IDS. If you're a researcher on intrusion techniques, you should indeed have your IDS on the outside. If you're a good citizen and have lots of free time, by all means have one, so you can tell all the rooted sites that are probing you that they're owned. But if you want to find out if you're under attack, don't bother -- you are under attack, more or less continuously. An IDS on the inside will have many fewer false alarms, and will tell you what you really want to know -- that someone has gotten through your (other) defenses. --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls" book now at http://www.wilyhacker.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- fragroute vs. snort: the tempest in a teacup Dragos Ruiu (Apr 17)
- Re: fragroute vs. snort: the tempest in a teacup Dug Song (Apr 18)
- Re: fragroute vs. snort: the tempest in a teacup Darren Reed (Apr 18)
- Re: fragroute vs. snort: the tempest in a teacup Ron DuFresne (Apr 19)
- RE: fragroute vs. snort: the tempest in a teacup Enno Rey (Apr 19)
- Re: fragroute vs. snort: the tempest in a teacup Marco Thorbruegge (Apr 19)
- Re: fragroute vs. snort: the tempest in a teacup Crist J. Clark (Apr 20)
- Re: fragroute vs. snort: the tempest in a teacup Francis Cianfrocca (Apr 18)
- Re: Re: fragroute vs. snort: the tempest in a teacup Jason Haar (Apr 18)
- Re: fragroute vs. snort: the tempest in a teacup Darren Reed (Apr 18)
- <Possible follow-ups>
- Re: fragroute vs. snort: the tempest in a teacup Brad Powell (Apr 19)
- Re: fragroute vs. snort: the tempest in a teacup Steven M. Bellovin (Apr 19)
- RE: fragroute vs. snort: the tempest in a teacup Craig, Scott (Apr 25)
- RE: fragroute vs. snort: the tempest in a teacup Ron DuFresne (Apr 25)
- Re: fragroute vs. snort: the tempest in a teacup Dug Song (Apr 18)