Snort mailing list archives
Snort Implementation
From: yyyyyy yaher <jacobbec () yahoo com>
Date: Tue, 13 Jan 2004 00:49:47 -0800 (PST)
Hello,

I am working for an ISP. Sometimes we are facing threats like attacks and worm traffic that affect our performance and cause services to be stopped. An IDS solution could help us in identifying the source and kind of attacks hitting our network. We have been advised to use Snort and we are going to install it on Linux Redhat.

I am new to Snort. I have read the Snort Manual and the related FAQs, but I am still feeling a little bit confused. I have several questions to post and I hope, thankfully, to get clear answers:

1- What is the most stable version of Snort that has been tested?

2- Is it possible to get Snort running on Linux Redhat without installing MySQL and ACID? Do I get all the alerts generated by Snort in that case? And what is the impact on Snort performance?

3- What are the basic commands to run Snort in IDS mode in order to capture and analyze packets and generate alerts in a simple format? And how can I optimize its function in order to filter the false positive messages and get only the real threats?

4- Is snort.conf updated with the most rules regarding recent attacks and worms? And how could I verify that?

5- Our ISP can serve dial-up and corporate (such as wave-wireless and leased line) customers by two Cisco 7200 routers connecting all these customers to the Internet. Our services (DNS, billing servers, Radiator, WWW server, ...) are protected by a PIX firewall; however, the proxies are running on the outside interface. So where is the best place to put the Snort sensor in order to get a clear idea about what's happening and react immediately to block the threat?

Sorry for that long story, but it's critical to me to know all the above questions.

Best Regards,
Jacob.
Email: Jacobbec () yahoo com