Full Disclosure mailing list archives
Re: Snort as IDS/IPS in mission-critical enterprisenetwork
From: "sk" <sk () groundzero-security com>
Date: Fri, 9 Dec 2005 18:22:29 +0100
> Because of NDA, I cannot *name* the network where I was a part of the team installing and maintaining SNORT on a large network, but I can tell you that this network is one of the top tier-1 NSPs. I can tell you that SNORT is the sole such product chosen for this purpose, and that it works better than we could have possibly hoped for. Last I looked, SNORT was being used on circuits as large as OC12s.
well it wouldn't be good to name those anyway as you don't know how many snort 0-days exist and the next time something goes public could mean that those networks are targeted first. after all it's up to you, i just thought i'd give you guys this hint. it's never a good idea to make such information public, that's why many people fake their daemon versions, or don't show them at all.

-sk
Http://www.groundzero-security.com

----- Original Message -----
From: "J.A. Terranson" <measl () mfn org>
To: "Native.Code" <native.code () gmail com>
Cc: <full-disclosure () lists grok org uk>
Sent: Friday, December 09, 2005 6:13 PM
Subject: Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprisenetwork
On Fri, 9 Dec 2005, Native.Code wrote:

> Is Snort enterprise ready where it can be deployed to monitor mission-critical network?

Yes. It is, and has been for some time.

> If any of you can name any big network which is using Snort as an example, it will be very helpful.

Because of NDA, I cannot *name* the network where I was a part of the team installing and maintaining SNORT on a large network, but I can tell you that this network is one of the top tier-1 NSPs. I can tell you that SNORT is the sole such product chosen for this purpose, and that it works better than we could have possibly hoped for. Last I looked, SNORT was being used on circuits as large as OC12s.

The problem isn't going to be your sensor (SNORT et al), but your back end software - *that* part is a bitch!

--
Yours,
J.A. Terranson
sysadmin () mfn org
0xBD4A95BF

I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support.
don zweig, M.D.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/