Snort mailing list archives

Snort Implementation


From: yyyyyy yaher <jacobbec () yahoo com>
Date: Tue, 13 Jan 2004 00:30:50 -0800 (PST)

Hello,
I am working for an ISP. Sometimes we face threats such as attacks and worm traffic that affect our performance and cause services to be stopped.
An IDS solution could help us in identifying the source and kind of attacks hitting our network.
We have been advised to use Snort and we are going to install it on Linux Redhat.
I am new to Snort. I have read the Snort Manual and the related FAQs, but I am still feeling a little bit confused. I have several questions to post and I hope to get clear answers:
1- What is the most stable version of Snort that has been tested?
2- Is it possible to get Snort running on Linux Redhat without installing MySQL and ACID? Do I get all the alerts generated by Snort in that case? And what is the impact on Snort performance?
3- What are the basic commands to run Snort in IDS mode in order to capture and analyze packets and generate alerts in a simple format? And how can I optimize its function in order to filter the false positive messages and get only the real threats?
4- Is snort.conf updated with the most rules regarding recent attacks and worms? And how could I verify that?
5- Our ISP can serve dialup and corporate (such as wave-wireless and leased line) customers by two Cisco 7200 routers connecting all these customers to the Internet; our services (DNS, billing servers, Radiator, WWW server, ...) are protected by a PIX firewall; however, the proxies are running on the outside interface. So where is the best place to put the Snort sensor in order to get a clear idea about what's happening and react immediately to block the threat?

Sorry for that long story, but it's critical to me to know all the above questions.
Best Regards,
Jacob.
Email: Jacobbec () yahoo com

