Snort mailing list archives

Re: criticism of snort in articles that I can not remember being explained or rebutted on this list. Device Discovery slash manually configuring snort.


From: "James-lists" <hackerwacker () cybermesa com>
Date: Tue, 26 Nov 2002 17:23:31 -0700

However, until snort becomes a no brainer the reviews will continue to portray snort as the Cinderella of IDS's. The problem with bad press is that some managers don't know enough to objectively decide on what solution is best for the organization and proprietary vendors in their sales pitch will say that snort is too difficult to configure and our product won an A+ from .... magazine.

You cannot understand security till you are, as I call it, "Packet minded". Managers may wish for a box that has 2 lights, 1 for "OK" and another for "You have been hacked" but if this is the depth of one's understanding they will be hacked again and again. No IDS can help with this situation. Security will always be nitty-gritty & complex. One size will never fit all.

I get 2,000 to 10,000 alerts a day on a well-tuned rule set. I know a whole lot more from the thousands of hits that are not true penetrations and the false positives than the occasional one that means someone has broken in or is close to this point.



