Full Disclosure mailing list archives
Re: Symantec Manhunt ?
From: <misiu_ () gmx de>
Date: Tue, 16 Dec 2003 22:26:30 +0100
but if you need realy gigabit than you only have the new stuff from "nai" IntruShield... The 1204G Proventia can only do 600 mb afaik you can install the nids not only throught proventia also on a Windoze (shudder) or a linux (RH of course) box.... host sensors is available too.... has anomaly detection... Explanations about the Alarm customizeable (????how do you spell) severity of events etc. pp. misiu ----- Original Message ----- From: "Clint Bodungen" <clint () secureconsulting com> To: <full-disclosure () lists netsys com> Sent: Tuesday, December 16, 2003 8:59 PM Subject: Re: [Full-disclosure] Symantec Manhunt ?
Hi FD, Is there someone who have already use the IDS : Symantec Manhunt 3 ? In fact, I need information about it to know if it could replace a snort 2.0... Thanks a lot for any information about ManHunt. Frederic Charpentier.Other than ManHunt being a commercial product (and Enterprise for that matter which means $$$$$), the biggest difference is its "anomaly-based detection". Snort uses signature based detection which must be pre-defined whereas, in addition to
signature
detection, ManHunt claims to also have the ability to detect a possible attack (known as well as 0 day) based on packet anomalies and patterns.
It
does work up to a point but you must invest the hours required to "fine tune" it in order to eliminate false positives (as with many IDS though). Symantec is decent about getting new signatures updates out and you do
have
the ability to create your own. If you are looking for an enterprise IDS solution to replace Snort, and
can
afford it... my vote would be a toss up between ISS Proventia and
Symantec's
ManHunt. (Keep in mind that Proventia is an appliance which includes more than just NIDS) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: A funny (but real) story for XMAS, (continued)
- Re: A funny (but real) story for XMAS Ron DuFresne (Dec 16)
- Re: A funny (but real) story for XMAS Jeffrey . Stebelton (Dec 16)
- Re: A funny (but real) story for XMAS KF (Dec 16)
- Re: A funny (but real) story for XMAS madsaxon (Dec 16)
- Re: A funny (but real) story for XMAS Kurt Seifried (Dec 16)
- OSVDB (was [Funny Story]) Gregory A. Gilliss (Dec 16)
- Re: A funny (but real) story for XMAS Kurt Seifried (Dec 16)
- RE: A funny (but real) story for XMAS Schmehl, Paul L (Dec 16)
- Symantec Manhunt ? Frederic Charpentier (Dec 16)
- Re: Symantec Manhunt ? misiu_ (Dec 16)
- Re: Symantec Manhunt ? Clint Bodungen (Dec 16)
- Re: Symantec Manhunt ? misiu_ (Dec 16)
- Re: Symantec Manhunt ? Clint Bodungen (Dec 16)
- Re: Symantec Manhunt ? Frank Knobbe (Dec 16)
- Re: Symantec Manhunt ? Clint Bodungen (Dec 17)
- Symantec Manhunt ? Frederic Charpentier (Dec 16)