Snort mailing list archives
Re: Beginner w/ IDS and snort
From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 23 Aug 2001 12:02:03 -0700 (PDT)
On Thu, 23 Aug 2001, Snail945 wrote:
This is a beginner's question. I'm just getting started with an IDS project based on "free tools" and would appreciate some advice on the platform to use and any pointers from those who have seen the "good and the bad".
No, this question is the prelude to a religious war. Rules of Conversation in this day and age:
1) Don't Discuss Religion
2) Don't Discuss Politics
3) Don't Discuss MyOS vs. YourOS :)
I'm thinking about using either a Linux/SNORT/DEMARC solution or a Windows 2000/SNORT solution for the IDS. I come from many years of administering Windows based systems and am very comfortable administering and securing them, but am sorta a "beginner to intermediate" with Linux and Unix. That said, I'm very much open to building this IDS on the "ideal platform" and doing whatever research and testing is required to make it successful. I'm comfortable with cli, but regardless of platform, I'd like to have a front-end that provides meaningful "quick-glance" information, and a way to sort through all the data.
Sensor: Whatever _stable_ and _secure_ OS you can run (and competently), on hardware that is rock solid.
Management Console: Whatever _stable_ and _secure_ OS you can run (and competently), on hardware that is rock solid.
See the theme yet? :)
Front End: Acid, SnortSnarf, SnortReport, etc... Most of them PHP, Perl, etc... All ported to various OS's.
I'd really appreciate any objective advice on which platform to move forward with and general pointers.
I'll not bore you with rhetoric. In my experience, I've never seen a MS box with a good TCP/IP stack. Since you are _VERY_ dependent on that for an IDS, I would look elsewhere--But that's just my opinion.

Personally, I think some of the Free OS's out there do quite well TCP/IP wise. *BSD has a solid and quick stack. Lots of driver support. Linux has a new stack now with 2.4 but I don't run it, so I can't speculate on it. Solaris reminds me of a tank--Once you finish tinkering with it, it just goes...

Anyway, pick your poison. Hell, break out that SegaDreamcast and put NetBSD on it. :) I'll bet the snort developers would love a new platform to support! ;-)

Good luck!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net