Snort mailing list archives
Re: criticism of snort in articles
From: twig les <twigles () yahoo com>
Date: Tue, 26 Nov 2002 16:42:32 -0800 (PST)
This stuff is true, but what I've found is that when companies go out of their way to make it easier for the IT guy to administer thru use of GUIs, objects, integrated everything... is that I don't know which way is up. Then when I figure out how everything is put together I'm more annoyed than impressed. If anyone wants a vibrant illustration of these points, get a Cisco IDS (netranger thingy) sensor and try getting *any* useful information out of it without using Cisco's proprietary "point 'n click" crap ("so syslogd sends info to UDP 515 now? BWAHAHAHA"). My point is that there is no shortcut. If this stuff was easy everyone would...wait, everyone *is* doing it.

--- James-lists <hackerwacker () cybermesa com> wrote:
However, until snort becomes a no brainer the reviews will continue to portray snort as the cinderella of IDS's. The problem with bad press is that some managers don't know enough to objectively decide on what solution is best for the organization and proprietary vendors in their sales pitch will say that snort is too difficult to configure and our product won an A+ from .... magazine.

You cannot understand security till you are, as I call it, "Packet minded". Managers may wish for a box that has 2 lights, 1 for "OK" and another for "You have been hacked" but if this is the depth of one's understanding they will be hacked again and again. No IDS can help with this situation. Security will always be nitty-gritty & complex. One size will never fit all. I get 2,000 to 10,000 alerts a day on a well tuned rule set. I know a whole lot more from the thousands of hits that are not true penetrations and the false positives than the occasional one that means someone has broken in or is close to this point.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself
-----------------------------------------------------------
Current thread:
- criticism of snort in articles that I can not remember being explained or rebutted on this list. Device Discovery slash manually configuring snort. Jacob, Raymond A Jr (Nov 26)
- Re: criticism of snort in articles that I can not remember being explained or rebutted on this list. Device Discovery slash manually configuring snort. Erek Adams (Nov 26)
- Re: criticism of snort in articles that I can not remember being explained or rebutted on this list. Device Discovery slash manually configuring snort. James-lists (Nov 26)
- Re: criticism of snort in articles twig les (Nov 26)
- Re: criticism of snort in articles that I can not remember being explained or rebutted on this list. Device Discovery slash manually configuring snort. James-lists (Nov 26)
- Re: criticism of snort in articles that I can not remember being explained or rebutted on this list. Device Discovery slash manually configuring snort. Erek Adams (Nov 26)