Snort mailing list archives

Re: What am I Protecting Against?


From: "james" <hackerwacker () cybermesa com>
Date: Tue, 3 Jun 2003 01:13:51 -0600


: Interestingly, I'm getting a mixture of somewhat-conflicting answers to
: my question -- all of which are, I think, right.

Each network is different; each with its own policies 
and needs. Your needs are different from mine, as are our networks.
To me, Snort is much more than an IDS. Rules
for normal traffic, like formmail.pl, zone transfers,
robots.txt, etc., provide me with useful information.
Some, like formmail rules, tell me when things get excessive
& might signal an exploit.
The zone transfer rule lets me keep up with many primary and secondary
NS'es without grepping lots of logs. Right now I am using an NNTP rule
to ID the users that are hogging transit bandwidth because they don't
we have a local news server. A web client wanted to know when they got indexed,
so I used the robots.txt rule to provide this info.
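
The approach described in the message above (informational rules for ordinary traffic, read as a summary, with volume as the warning sign) can be sketched as follows. This is an added example, not part of the original post: it assumes Snort's "fast" alert output format, the alert lines are constructed samples using documentation addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)

# Constructed sample alerts (documentation addresses; sids and messages are illustrative).
SAMPLE_ALERTS = """\
06/03-01:02:11.104522  [**] [1:884:5] WEB-CGI formmail access [**] [Priority: 2] {TCP} 198.51.100.7:40112 -> 192.0.2.10:80
06/03-01:02:49.330918  [**] [1:884:5] WEB-CGI formmail access [**] [Priority: 2] {TCP} 198.51.100.7:40115 -> 192.0.2.10:80
06/03-01:03:20.000417  [**] [1:884:5] WEB-CGI formmail access [**] [Priority: 2] {TCP} 198.51.100.7:40120 -> 192.0.2.10:80
06/03-01:05:02.771203  [**] [1:884:5] WEB-CGI formmail access [**] [Priority: 2] {TCP} 198.51.100.7:40131 -> 192.0.2.10:80
06/03-01:40:17.218840  [**] [1:884:5] WEB-CGI formmail access [**] [Priority: 2] {TCP} 203.0.113.9:3301 -> 192.0.2.10:80
this line is not an alert and is skipped
06/03-02:15:33.905611  [**] [1:1852:3] WEB-MISC robots.txt access [**] [Priority: 2] {TCP} 203.0.113.50:52210 -> 192.0.2.10:80
06/03-02:30:08.412006  [**] [1:255:8] DNS zone transfer TCP [**] [Priority: 2] {TCP} 192.0.2.53:1045 -> 192.0.2.10:53
"""

def parse_alerts(text):
    """Yield one dict per well-formed alert line; skip anything else."""
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(text):
    """Alert count per rule message: the at-a-glance view of ordinary traffic."""
    return Counter(a["msg"] for a in parse_alerts(text))

def excessive(text, needle, threshold):
    """(hour, src, count) for sources that hit a matching rule >= threshold times in one hour."""
    hits = Counter((a["ts"][:8], a["src"]) for a in parse_alerts(text)
                   if needle.lower() in a["msg"].lower())
    return sorted((h, s, n) for (h, s), n in hits.items() if n >= threshold)

if __name__ == "__main__":
    print(summarize(SAMPLE_ALERTS))
    print(excessive(SAMPLE_ALERTS, "formmail", 3))
```

The threshold and the one-hour bucket are arbitrary here; what counts as excessive depends on the site's normal volume for that rule.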




