Snort mailing list archives
Re: Looking for a prebuilt Snort IDS Distro
From: Pak Chan <brightlilim () gmail com>
Date: Mon, 24 Sep 2012 18:48:45 +0100
Sorry, by "network filter", read "IPS". I can see that it's going to be a fun ride, getting reacquainted with the theory and practice... Pak "Build a fire for a man, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life." On 23 September 2012 11:10, Doug Burks <doug.burks () gmail com> wrote:
Hi Pak, You can manually configure Security Onion as an IPS but that's not what it was designed for and we don't support it. We do support BPFs for ignoring specific IP addresses. If you have further questions specific to Security Onion, please feel free to use our mailing list: http://groups.google.com/group/security-onion Thanks, Doug On Saturday, September 22, 2012, Pak Chan wrote:Sorry, that was really badly phrased. I meant to say that I haven'tdiscovered all of what it can do yet, so can't comment on its capabilities or lack thereof. I'm still in the process of configuring it (and will be for a while, mixed in with other work). I also haven't decided if I want to have it as an inline sensor/network filter (can it filter as well as sense?) or just an out-of-band sensor.I'll also need to see about configuring it to ignore certain IPaddresses occasionally (for targeted penetration tests, etc.), which I've not looked into yet.So, I might as well ask the questions: can I use SO as a network filter,and can I configure it to allow pen tests on servers without triggering massive amounts of alerts?Pak "Build a fire for a man, and he'll be warm for a day. Set a man on fire,and he'll be warm for the rest of his life."On 21 September 2012 23:09, Jeremy Hoel <jthoel () gmail com> wrote: Out ojmf curiosity, what does SO not do for you? On Sep 21, 2012 5:33 PM, "Pak Chan" <brightlilim () gmail com> wrote: That may be true, but there are people who just need an IDS, and havingan easy-to-use IDS appliance (which is effectively what a distro is, or should be) will help that. Most people won't delve into the code to understand how it works underneath, in the same way that most people just purchase and install firewalls without understanding how they work. It means they won't get the best out of it, but it's a great deal better than if they didn't have one at all.Personally, I'm in that situation at the moment. The last time I lookedat an IDS was one I had helped to build about ten years ago, and it was so primitive compared to the capabilities modern ones have. I'm getting back into it again, and finding myself short on time to learn about the fundamentals, I've decided to go for the SecurityOnion distro. It doesn't satisfy everything I want (yet), but that's down to my lack of experience in tweaking it. I'll get better as I learn more about it, but I don't want to be exposed in the meantime. I'll settle for less-than-ideal in the short term.Pak "Build a fire for a man, and he'll be warm for a day. Set a man on fire,and he'll be warm for the rest of his life."On 21 September 2012 17:51, PR <oly562 () gmail com> wrote: ps. it shouldn't matter what distro, unix/linux, its nix, prebuilt? that means, no real configuring at the beginning, therefore, you will not learn how it works, where it is, how it can be tweeked, unless you are a wizard. not to say you can figure it out, it just means, you will have less knowledge about how it works at the core. On Fri, 2012-09-21 at 13:14 +0000, Turnbough, Bradley E. wrote:From: Jaime Nebrera [mailto:jnebrera () gmail com] Sent: Friday, September 21, 2012 2:51 AM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Looking for a prebuilt Snort IDS Distro On 20/09/12 15:26, Turnbough, Bradley E. wrote: I’m looking for a prebuilt snort IDS Distro. Preferrably based on the Centos 6 series. Any Suggestions? I’d like it to have (at a minimum): Snort Barnyard 2 Snorby Mysql Hi Bradley, I would suggest redBorder.net It contains Snort, Barnyard 2, Snorby (for event management) and MySQL. Besides those, you have a very powerful rule manager, config system and SNMP monitoring as an extension of Snorby and performance enhancements on the Snort side. It is free for registered users and under open source license. Exactly what I was looking for…. Thanks Jamie! This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.------------------------------------------------------------------------------ -- Doug Burks http://securityonion.blogspot.com -- Doug Burks http://securityonion.blogspot.com ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: Looking for a prebuilt Snort IDS Distro, (continued)
- Re: Looking for a prebuilt Snort IDS Distro Ray Caparros (Sep 20)
- Re: Looking for a prebuilt Snort IDS Distro Jaime Nebrera (Sep 21)
- Re: Looking for a prebuilt Snort IDS Distro Turnbough, Bradley E. (Sep 21)
- Re: Looking for a prebuilt Snort IDS Distro PR (Sep 21)
- Re: Looking for a prebuilt Snort IDS Distro PR (Sep 21)
- Re: Looking for a prebuilt Snort IDS Distro Pak Chan (Sep 21)
- Re: Looking for a prebuilt Snort IDS Distro Jeremy Hoel (Sep 21)
- Re: Looking for a prebuilt Snort IDS Distro Pak Chan (Sep 22)
- Re: Looking for a prebuilt Snort IDS Distro Jeremy Hoel (Sep 22)
- Message not available
- Looking for a prebuilt Snort IDS Distro Doug Burks (Sep 23)
- Re: Looking for a prebuilt Snort IDS Distro Pak Chan (Sep 24)
- Re: Looking for a prebuilt Snort IDS Distro Turnbough, Bradley E. (Sep 21)