FWIW I run Snort as well, inside and outside the FW. I use the ACID front end, which
uses PHP to grab data from a MySQL database, and IMHO it really makes the program
extremely usable this way. Start with a top-level # of total alerts, unique alerts
(total or for today), breakdown by protocol, how many hosts tried to hit how many of
your hosts... and drill down to the actual packets for more info. It just rated 3rd in
a Network Computing (?) feature on NIDS/HIDS packages and I think would have placed
higher if Snort bought ads... just kidding. The constant signature updates are great,
the language is easy to suss, and there are vendors out there (Private I for one) who
say they are going to be able to work with Snort soon.
Yes, you have to DIY a bit, but if I can do it, anyone can. If you need the Windows
port, go to www.silicondefense.com and look up the "how to" for Windows users. It
literally could not be any easier to do. And it works great.
(sorry for the spam, but I like it that much!)
-Joe
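The console Joe describes (top-level totals, unique alerts overall and for today, breakdown by protocol, attacking vs. attacked host counts, then drill-down to the packets), as an added example that is not part of this thread and not ACID's own PHP code: a Python script over an in-memory SQLite database. The simplified schema (`signature`, `event`, `iphdr`, `data` tables) is an assumption loosely modelled on the Snort database output plugin; the real schema has more tables and columns. The alerts loaded into it are constructed sample data.

```python
"""ACID-style alert console over a Snort-like alert database.

Added illustrative example. The schema below is an ASSUMPTION, a cut-down
sketch of the Snort database output plugin's tables; the sample alerts are
constructed and do not come from any real sensor.
"""
import sqlite3

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IP protocol numbers -> names

SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT NOT NULL);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT,
                    PRIMARY KEY (sid, cid));
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src TEXT, ip_dst TEXT,
                    ip_proto INTEGER, PRIMARY KEY (sid, cid));
CREATE TABLE data (sid INTEGER, cid INTEGER, data_payload TEXT,
                   PRIMARY KEY (sid, cid));
"""

# Constructed sample alerts:
# (cid, signature name, timestamp, src host, dst host, ip proto, payload as hex)
SAMPLE_ALERTS = [
    (1, "WEB-IIS cmd.exe access", "2001-08-31 09:12:01", "10.0.0.5", "192.168.1.10", 6, "474554202f"),
    (2, "WEB-IIS cmd.exe access", "2001-08-31 09:12:02", "10.0.0.5", "192.168.1.11", 6, "474554202f"),
    (3, "ICMP PING NMAP", "2001-08-31 10:30:00", "10.0.0.7", "192.168.1.10", 1, ""),
    (4, "SNMP public access udp", "2001-08-30 23:59:59", "10.0.0.9", "192.168.1.12", 17, "3021"),
    (5, "WEB-IIS cmd.exe access", "2001-08-30 08:00:00", "10.0.0.8", "192.168.1.10", 6, "474554202f"),
]


def build_db(alerts=SAMPLE_ALERTS, sensor_id=1):
    """Create the in-memory database and load the alerts, one sensor (sid)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    sig_ids = {}
    for cid, sig_name, ts, src, dst, proto, payload in alerts:
        if sig_name not in sig_ids:  # signatures are stored once, referenced by id
            cur = conn.execute("INSERT INTO signature (sig_name) VALUES (?)", (sig_name,))
            sig_ids[sig_name] = cur.lastrowid
        conn.execute("INSERT INTO event VALUES (?,?,?,?)", (sensor_id, cid, sig_ids[sig_name], ts))
        conn.execute("INSERT INTO iphdr VALUES (?,?,?,?,?)", (sensor_id, cid, src, dst, proto))
        conn.execute("INSERT INTO data VALUES (?,?,?)", (sensor_id, cid, payload))
    conn.commit()
    return conn


def top_level_summary(conn, today):
    """The numbers the front page shows before any drill-down ("today" is YYYY-MM-DD)."""
    def one(sql, *args):
        return conn.execute(sql, args).fetchone()[0]

    by_proto = {PROTO_NAMES.get(p, str(p)): n for p, n in
                conn.execute("SELECT ip_proto, COUNT(*) FROM iphdr GROUP BY ip_proto")}
    return {
        "total_alerts": one("SELECT COUNT(*) FROM event"),
        "unique_alerts": one("SELECT COUNT(DISTINCT signature) FROM event"),
        "alerts_today": one("SELECT COUNT(*) FROM event WHERE date(timestamp) = ?", today),
        "unique_today": one("SELECT COUNT(DISTINCT signature) FROM event WHERE date(timestamp) = ?", today),
        "by_protocol": by_proto,
        "source_hosts": one("SELECT COUNT(DISTINCT ip_src) FROM iphdr"),   # hosts that tried to hit you
        "dest_hosts": one("SELECT COUNT(DISTINCT ip_dst) FROM iphdr"),     # your hosts that were hit
    }


def alerts_by_signature(conn):
    """Unique alerts with their counts, most frequent first (the first drill-down level)."""
    return conn.execute("""
        SELECT s.sig_name, COUNT(*) AS n FROM event e
        JOIN signature s ON s.sig_id = e.signature
        GROUP BY s.sig_name ORDER BY n DESC, s.sig_name""").fetchall()


def drill_down(conn, sig_name):
    """Every packet that fired one signature, joined across the per-packet tables."""
    rows = conn.execute("""
        SELECT e.cid, e.timestamp, i.ip_src, i.ip_dst, i.ip_proto, d.data_payload
        FROM event e
        JOIN signature s ON s.sig_id = e.signature
        JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
        LEFT JOIN data d ON d.sid = e.sid AND d.cid = e.cid
        WHERE s.sig_name = ? ORDER BY e.timestamp""", (sig_name,)).fetchall()
    return [{"cid": r[0], "timestamp": r[1], "src": r[2], "dst": r[3],
             "proto": PROTO_NAMES.get(r[4], str(r[4])),
             "payload": bytes.fromhex(r[5]) if r[5] else b""} for r in rows]


if __name__ == "__main__":
    db = build_db()
    for k, v in top_level_summary(db, "2001-08-31").items():
        print(f"{k:>14}: {v}")
    for name, n in alerts_by_signature(db):
        print(f"{n:4d}  {name}")
    for pkt in drill_down(db, "WEB-IIS cmd.exe access"):
        print(pkt)
```

The counts are all plain aggregate queries over the event table, which is why a PHP page in front of the database is enough to build the console; the drill-down is the only query that has to join the per-packet tables, and it keys on the (sid, cid) pair that the Snort output plugin uses to tie one packet's rows together.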
<<< "Cepeda, Josh" <[EMAIL PROTECTED]> 8/31 5:30p >>>
I use Snort. You may want to check it out. It's free and they have an active
mailing list. I run the Unix version but there is a Windows NT port. Here is
the link.
http://snort.sourcefire.com/downloads.html
Download: snort-win32
-----Original Message-----
From: Mack, Don [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 28, 2001 8:40 AM
To: [EMAIL PROTECTED]
Subject: [FW1] Intrusion Detection Solution
We are looking into an Intrusion Detection Solution. Does anyone know of an
IDS that works well with Check Point FW-1 (and NG) and that also runs on
NT/2000? We are currently looking at RealSecure, and wanted to know what
other products come recommended.
Don Mack
[EMAIL PROTECTED]
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================