Snort mailing list archives
Re: What am I Protecting Against?
From: "james" <hackerwacker () cybermesa com>
Date: Tue, 3 Jun 2003 01:13:51 -0600
: Interestingly, I'm getting a mixture of somewhat-conflicting answers to : my question -- all of which are, I think, right. Each network is different; each with its own policies and needs. Your needs are different from mine, as are our networks. To me, Snort is much more than an IDS. Rules for normal traffic, like formmail.pl, zone transfers, robots.txt, ect provide me with useful information. Some, like formmail rules, tell me when things get excessive & might signal an exploit. The zone transfer rule lets me keep up with many primary and secondary NS'es without greping lots of logs. Right now I am using a NNTP rule to ID the users that are hogging transit bandwidth because they don't we have a local news server. A web client wanted to know when they got indexed, so I used the robots.txt rule to provide this info. ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- What am I Protecting Against? Roy S. Rapoport (Jun 02)
- Re: What am I Protecting Against? james (Jun 02)
- Re: What am I Protecting Against? Roy S. Rapoport (Jun 03)
- Re: What am I Protecting Against? james (Jun 03)
- Re: What am I Protecting Against? Roy S. Rapoport (Jun 03)
- Re: What am I Protecting Against? Nicholas Bachmann (Jun 04)
- <Possible follow-ups>
- RE: What am I Protecting Against? Wilcoxen, Scott (Jun 02)
- Re: What am I Protecting Against? james (Jun 02)