Re: Using snort to detect if your users are doing interesting things?

2005-06-10 Thread Nils Ketelsen
Drew Weaver wrote: Howdy, I am not sure if this is the proper place, if not I've noticed you guys know what to do so I'll put the fire retardant suit on now. Recently due to growth we have seen an influx of different and interesting types of characters ending up on our network.

Re: Using snort to detect if your users are doing interesting things?

2005-06-10 Thread Jeroen Massar
On Thu, 2005-06-09 at 23:29 +0300, Kim Onnel wrote: How about project Darknet and sinkholes and monitoring dark IP space? Worms and botnets usually scan blindly right and left, so there is a good chance you will get a glimpse of infected hosts if that's what you want. I catch infected hosts by

Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Drew Weaver
Howdy, I am not sure if this is the proper place, if not I've noticed you guys know what to do so I'll put the fire retardant suit on now. Recently due to growth we have seen an influx of different and interesting types of characters ending up on our network. They like to do all sorts of

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread trainier
As it was already noted, you need to be very careful about how you set your IDS up, specifically if you choose snort. Snort is a very powerful tool, when used correctly. Unfortunately, when used incorrectly, it can hose your network over completely. My suggestion, in the case that you'll use

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Sam Hayes Merritt, III
I'm wondering what is the best way to detect people doing these things on my end. I realize there are methods to protect myself from people attacking from the outside but I'm not real sure how to pinpoint who is really being loud on the inside. One of the best things we did was setup a

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Steven M. Bellovin
In message [EMAIL PROTECTED] ec.com, [EMAIL PROTECTED] writes: As it was already noted, you need to be very careful about how you set your IDS up, specifically if you choose snort. Snort is a very powerful tool, when used correctly. Unfortunately, when used incorrectly, it can hose your

RE: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Jordan Medlen
We just finished deploying a Snort IDS system on our network. The task of doing so was well worth the effort, and quite a bit of effort and resources were needed for our deployment. Due to the fact that we have a sustained 5Gbps of traffic to monitor in our Tampa data center alone, a

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Christian Kuhtz
And when you do set up such an arrangement, depending on the number of rules you turn on, you can generate truly massive volumes of data to be analyzed by ACID or other tools. It is relatively easy to deploy snort for

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Christian Kuhtz
On 6/9/05 12:08 PM, Steven M. Bellovin [EMAIL PROTECTED] wrote: Also figure out what you're going to do with the output. Do you have the resources to investigate apparent misbehavior? Remember that any IDS will have a certain false positive rate. Even for true positives, do you have the

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Randy Bush
My suggestion, in the case that you'll use snort, is to do some extensive testing on a non-production network. Take the time to learn and understand its functionality and intended purpose. Also figure out what you're going to do with the output. Do you have the resources to investigate

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Kim Onnel
How about project Darknet and sinkholes and monitoring dark IP space? Worms and botnets usually scan blindly right and left, so there is a good chance you will get a glimpse of infected hosts if that's what you want. I catch infected hosts by looking at apache access logs and I see a lot of scans,