Title: Message
If it's a single machine, then I'd suggest Snort.
 
But as I followed the thread, you don't seem to have ever worked with either Snort or Prelude. This is bad; Gentoo's preconfigured scripts suck, and to get something out of it you will have to reconfigure a couple of things. I have set up Snort on several distros, but they usually had one thing in common: a bad start configuration.
I have written some additional scripts that add better Snort support for dialup users, and I have added support for automatic blocking through iptables in case Snort detects critical attacks.
 
The thing is, as someone mentioned earlier, if you don't have a lot of knowledge of real attacks, network setup, etc., and if you are not experienced with an IDS, all you will get is a load of information that you don't know how to interpret.
----- Original Message -----
Sent: Monday, November 10, 2003 10:07 PM
Subject: RE: [gentoo-user] IDS

Single machine. This is going to be installed on my firewall machine...
 
 
-----Original Message-----
From: SN [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 3:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [gentoo-user] IDS

Depends on your network, single machine or a whole set of machines?
----- Original Message -----
Sent: Monday, November 10, 2003 7:48 PM
Subject: [gentoo-user] IDS

Hi everyone, just wondering what network intrusion detection software is the best. I've heard the main two programs to use would be Snort or Prelude and am wondering which of the two gives you more flexibility (configuration) and better detection/reporting?

Thanks for your help,
        Jeff
