Snort mailing list archives

Re: Snort capabilities


From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Fri, 26 Mar 2004 10:44:55 +0000



--On 24 March 2004 13:23 +0000 Marnus Marx <Marnus.Marx () m-1 co uk> wrote:

> I am looking to set up an IDS system, and I am considering snort as one of
> the apps... My question is this: Can snort do all of the following, and
> if not, can I have some guidelines to something that might be able to:

It sounds as though you haven't understood the difference between Network IDS (NIDS) and Host IDS (HIDS). I respectfully suggest you do some reading about the differences. You might also want to look into vulnerability scanning tools such as Nessus and nmap, as well as tools such as tripwire.

> Scan system for file changes (integrity check)

No.

> Scan system for unexpected activity (network)

Maybe, depending on exactly what you're asking.

> Scan system for unwanted users

No.

> Scan system for unwanted software (placed, installed or running)

No, though it will detect connections to/from network backdoors/trojans for which it has signatures.

> Capture data of unwanted users for logging

If the data goes across the network, yes, otherwise no.

> Capture data of unwanted software for logging

Eh?

> Track source of unexpected activity and log it.

Yes, for network activity.

> Track source of unwanted users and log it.

If they're coming in across an IP connection, yes; otherwise no.

> Block unwanted users.

Snort can control a separate firewall, or can be patched to run as an inline Network Intrusion Protection System (NIPS, or simply, IPS). Conceivably you could configure it to do all sorts of other things using flexresp, but you're probably thinking more in terms of HIDS.

> Block and remove unwanted software.

Yes to blocking, potentially, no to removing.

> Create a report of all actions taken

Oh yes. Voluminous reports. :-)

> Marnus Marx

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
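To make the detect/reset/drop distinction in the reply above concrete, here is an added example of Snort 2.x rule syntax; it is not from the thread or from the Snort project, and the port 5555, the payload bytes and the SIDs are constructed placeholders for a hypothetical network backdoor, not a real signature.

```snort
# Added example (not from the original thread). Port 5555, the payload
# "|00 01|PASS" and SIDs 1000001-1000003 are constructed placeholders.

# 1. Detect only (plain NIDS): alert on an established inbound connection to
#    the placeholder backdoor port, with a payload match so that an unrelated
#    service on the same port does not trigger the rule.
alert tcp $EXTERNAL_NET any -> $HOME_NET 5555 (msg:"EXAMPLE backdoor connection attempt"; flow:to_server,established; content:"|00 01|PASS"; sid:1000001; rev:1;)

# 2. Reactive response (flexresp): same signature, but Snort also sends TCP
#    resets to both ends. Needs a build with --enable-flexresp, and the
#    packet that matched has already reached the host, so this is not a
#    true block, only a tear-down of the session.
alert tcp $EXTERNAL_NET any -> $HOME_NET 5555 (msg:"EXAMPLE backdoor connection attempt - reset"; flow:to_server,established; content:"|00 01|PASS"; resp:rst_all; sid:1000002; rev:1;)

# 3. Inline IPS (snort_inline patch): the 'drop' action discards the packet
#    before it is forwarded, which is the genuine "block" the reply refers to.
drop tcp $EXTERNAL_NET any -> $HOME_NET 5555 (msg:"EXAMPLE backdoor connection attempt - dropped"; flow:to_server,established; content:"|00 01|PASS"; sid:1000003; rev:1;)
```

None of the three rules can see a file being modified on the host or a local account being added; that is the NIDS/HIDS boundary the reply draws, and where tools such as tripwire come in.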



