Re: Using snort to detect if your users are doing interesting things?

2005-06-10 Thread Jeroen Massar
On Thu, 2005-06-09 at 23:29 +0300, Kim Onnel wrote:
> How about project Darknet and sinkholes and monitoring dark IP space, worms and botnets usually scan blindly right and left, so there is a good chance you will get a glimpse of infected hosts if that's what you want, I catch infected hosts

Re: Using snort to detect if your users are doing interesting things?

2005-06-10 Thread Nils Ketelsen
Drew Weaver wrote:
> Howdy, I am not sure if this is the proper place, if not I've noticed you guys know what to do so I'll put the fire retardant suit on now. Recently due to growth we have seen an influx of "different" and "interesting" types of characters ending up on our ne

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Kim Onnel
How about project Darknet and sinkholes and monitoring dark IP space, worms and botnets usually scan blindly right and left, so there is a good chance you will get a glimpse of infected hosts if that's what you want, I catch infected hosts by looking at Apache access logs and I see a lot of scans,

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Randy Bush
>> My suggestion, in the case that you'll use snort, is to do some extensive testing on a non-production network. Take the time to learn and understand its functionality and intended purpose.
> Also figure out what you're going to do with the output. Do you have the resources to investi

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Christian Kuhtz
On 6/9/05 12:08 PM, "Steven M. Bellovin" <[EMAIL PROTECTED]> wrote:
> Also figure out what you're going to do with the output. Do you have the resources to investigate apparent misbehavior? Remember that any IDS will have a certain false positive rate. Even for true positives, do you hav

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Christian Kuhtz
And when you do set up such an arrangement, depending on the number of rules you turn on, you can generate truly massive volumes of data to be analyzed by ACID or other tools. It is relatively easy to deploy snort

RE: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Jordan Medlen
We just finished deploying a Snort IDS system on our network. The task of doing so was well worth the effort, and quite a bit of effort and resources were needed for our deployment. Due to the fact that we have a sustained 5Gbps of traffic to monitor in our Tampa data center alone, a simple

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED] ec.com>, [EMAIL PROTECTED] writes:
>As it was already noted, you need to be very careful about how you set your IDS up, specifically if you choose snort.
>Snort is a very powerful tool, when used correctly. Unfortunately, when used incorrectly, it can hose yo

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Sam Hayes Merritt, III
I'm wondering what is the best way to detect people doing these things on my end. I realize there are methods to protect myself from people attacking from the outside but I'm not real sure how to pinpoint who is really being loud on the inside.
One of the best things we did was set up a snor

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread trainier
On Thu, Jun 09, 2005 at 11:45:54AM -0400, Drew Weaver wrote:
> I'm wondering what is the best way to detect people doing these things on

Re: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Thor Lancelot Simon
On Thu, Jun 09, 2005 at 11:45:54AM -0400, Drew Weaver wrote:
> I'm wondering what is the best way to detect people doing these things on my end. I realize there are methods to protect myself from people attacking from the outside but I'm not real sure how to pinpoint who is really being loud