Snort mailing list archives

Re: criticism of snort in articles


From: twig les <twigles () yahoo com>
Date: Tue, 26 Nov 2002 16:42:32 -0800 (PST)

This stuff is true, but what I've found is that when
companies go out of their way to make it easier for
the IT guy to administer thru use of GUIs, objects,
integrated everything... is that I don't know which
way is up.  Then when I figure out how everything is
put together I'm more annoyed than impressed.

If anyone wants a vibrant illustration of these
points, get a Cisco IDS (netranger thingy) sensor and
try getting *any* useful information out of it without
using Cisco's proprietary "point 'n click" crap ("so
syslogd sends info to UDP 515 now?  BWAHAHAHA").

My point is that there is no shortcut.  If this stuff
was easy everyone would...wait, everyone *is* doing
it.


--- James-lists <hackerwacker () cybermesa com> wrote:
However, until snort becomes a no brainer the reviews will continue
to portray snort as the cinderella of IDS's. The problem with bad
press is that some managers don't know enough to objectively decide
on what solution is best for the organization and proprietary vendors
in their sales pitch will say that snort is too difficult to configure
and our product won an A+ from .... magazine.

You cannot understand security till you are, as I call it, "Packet
minded". Managers may wish for a box that has 2 lights, 1 for "OK"
and another for "You have been hacked" but if this is the depth of
one's understanding they will be hacked again and again. No IDS can
help with this situation. Security will always be nitty-gritty &
complex. One size will never fit all.

I get 2,000 to 10,000 alerts a day on a well tuned rule set. I know a
whole lot more from the thousands of hits that are not true
penetrations and the false positives than the occasional one that
means someone has broken in or is close to this point.







=====
-----------------------------------------------------------
If you give a man a fish, he can eat for a day
If you bludgeon him to death, you can eat the fish yourself                       
-----------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

