Snort mailing list archives

Re: Shadow


From: "Keith W. McCammon" <mccammon () gmail com>
Date: Tue, 17 Aug 2004 14:24:56 -0400

There are lots.  SHADOW is more of a traffic collection and analysis
tool that is leveraged to function as an IDS.  Snort, on the other
hand, is an IDS that can perform generic traffic collection.

For example, SHADOW:

- doesn't have built-in alerting/output capability like Snort
- doesn't perform application-specific decoding (i.e., HTTP, SMTP, RPC, etc.)
- can't perform context-sensitive protocol analysis (à la stream4, frag2, etc.)
- lacks specific portscan detection capability

Now, you can use Snort as the collection component of SHADOW, as Snort
can output tcpdump-readable logs.  But generally speaking, SHADOW uses
filtered tcpdump for collection, which isn't nearly as robust as
Snort, nor would it scale as well in an IDS role, due to lack of
prioritization and organization of like traffic, preprocessing to get
rid of blatant garbage, etc.

Read the SHADOW docs for the details: 
http://www.nswc.navy.mil/ISSEC/CID/Install3-MS.htm



On Tue, 17 Aug 2004 09:00:28 -0500, Cesar Farro Flores
<cesar.farro () t-empresas com pe> wrote:
Hi List,

Anybody know what is the difference between Snort and Shadow???

-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


