Re: IDS: Snort and Netranger

Tue, 05 Dec 2000 10:49:01 -0800 


As stated before to the list, we found the cisco product to be a poor
solution.  They lack a scripting language, so there is no real ability to
tune them.  We found them to be awfully noisey in that they constantly set
off false positives.  Of course, I have to admit, I felt they were also
deployed in the wrong place, but, this still holds water.  Stick with
snort or move to nfr, something you can tune to your specific
environment.

Thanks,

Ron DuFresne

On Tue, 5 Dec 2000, Pere Camps wrote:

> Hi!
> 
>       From your experiences, do you consider that Cisco's Netranger is
> better than Snort?
> 
>       Let me put you in my situation:
> 
>       We have some snort IDS running on our site and we're quite happy
> with it. Quite stable and quite a lot of signatures. And quite easy to
> understand what's going on for the unexperienced with SnortSnaf. I could
> only ask for a nicer way to have stuff done on real-time.
> 
>       OTOH, we have 3 NetRangers that somebody bought and we might as
> well use them. However, would we see any noticeable gain? Also, the
> Director must run NT (it can run on OpenView, but we're not going to buy a
> OV license just for NetRanger), and this all Solaris/Linux and I don't
> like the fact of supporting another OS, securing it, etc, etc...
> 
>       Any insights would be greatly appreciated.
> 
> ps: For what I've read on this mailing list so far, I'd have bought NFR
> instead of the NetRangers... but well, nothing I can do now. We might as
> well go ahead and sell the NetRangers.
> 
> -- p.
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to