Snort mailing list archives
RE: Using Snort as IDS + packet logger
From: Richard Bejtlich <richard_bejtlich () yahoo com>
Date: Wed, 15 Oct 2003 18:53:03 -0700 (PDT)
Damiano,

I suggest running a completely separate process to log packets. On Windows 2000 use Windump (http://windump.polito.it/). Better yet, if you're trying to get "statistics," log traffic on a completely different box, preferably running a BSD or Linux distro. This sort of diversity of collection can save your bacon if an adversary takes down your Snort implementation.

Sincerely,

Richard Bejtlich
http://taosecurity.com