Snort mailing list archives
Re: Snort capabilities
From: "AJ Butcher, Information Systems and Computing" <Alex.Butcher () bristol ac uk>
Date: Fri, 26 Mar 2004 10:44:55 +0000
--On 24 March 2004 13:23 +0000 Marnus Marx <Marnus.Marx () m-1 co uk> wrote:
> I am looking to set up an IDS system, and I am considering snort as one of the apps... My question is this: Can snort do all of the following, and if not, can I have some guidelines to something that might be able to:
It sounds as though you haven't understood the difference between Network IDS (NIDS) and Host IDS (HIDS). I respectfully suggest you do some reading about the differences. You might also want to look into vulnerability scanning tools such as Nessus and nmap, as well as tools such as tripwire.
> Scan system for file changes (integrity check)
No.
> Scan system for unexpected activity (network)
Maybe, depending on exactly what you're asking.
> Scan system for unwanted users
No.
> Scan system for unwanted software (placed, installed or running)
No, though it will detect connections to/from network backdoors/trojans for which it has signatures.
> Capture data of unwanted users for logging
If the data goes across the network, yes, otherwise no.
> Capture data of unwanted software for logging
Eh?
> Track source of unexpected activity and log it.
Yes, for network activity.
> Track source of unwanted users and log it.
If they're coming in across an IP connection yes, otherwise no.
> Block unwanted users.
Snort can control a separate firewall, or can be patched to run as an inline Network Intrusion Protection System (NIPS, or simply, IPS). Conceivably you could configure it to do all sorts of other things using flexresp, but you're probably thinking more in terms of HIDS.
> Block and remove unwanted software.
Yes to blocking, potentially, no to removing.
> Create a report of all actions taken
Oh yes. Voluminous reports. :-)
> Marnus Marx
Best Regards, Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing
GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9

Snort-users mailing list: Snort-users () lists sourceforge net
Change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
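As an added illustration of the two Snort capabilities Alex mentions (signature-based detection of backdoor traffic, and flexresp active response), and not code from this thread or from the Snort project itself, here are two Snort 2.x rules in the rule language of that era. The port 4444, the sid values and the msg strings are assumptions for illustration only, not real signatures; `$HOME_NET` and `$EXTERNAL_NET` are the standard snort.conf network variables, and the second rule only loads in a build configured with `--enable-flexresp`.

```snort
# Added example rules, not from the original thread or the Snort ruleset.
# $HOME_NET / $EXTERNAL_NET are the usual snort.conf network definitions.

# 1. Detection only: alert on an established TCP session from an inside host
#    to port 4444 on an outside host. 4444 and sid 1000001 are assumed values
#    for illustration; a real backdoor signature would also carry a content
#    match on the protocol banner rather than keying on the port alone.
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"EXAMPLE outbound connection to assumed backdoor port"; flow:to_server,established; classtype:trojan-activity; sid:1000001; rev:1;)

# 2. Same match plus a flexresp active response: Snort injects TCP RSTs toward
#    both ends of the session (resp:rst_all). This is the sniffer-mode
#    teardown path Alex alludes to, not an inline drop, so the first packets
#    of the session have already reached the far end by the time it fires.
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 (msg:"EXAMPLE backdoor connection, session reset"; flow:to_server,established; resp:rst_all; classtype:trojan-activity; sid:1000002; rev:1;)
```

Put the rules in a file referenced from snort.conf with an `include` line and check that they parse before deploying with `snort -T -c snort.conf`. Because both rules key on a bare port, they will fire on any legitimate service that happens to listen on 4444 as well; that is the point of the caveat in the comment, and why shipped signatures match on payload content, not just ports.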
Current thread:
- Snort capabilities Marnus Marx (Mar 25)
- Re: Snort capabilities AJ Butcher, Information Systems and Computing (Mar 26)