Snort mailing list archives
re: 1. Network World IDS report (Jason Haar)
From: "Joe Pampel" <joe () ardsley com>
Date: Thu, 27 Jun 2002 10:28:06 -0400
Thanks for the heads up Jason!

uh oh.. feel a rant coming on!

<rant>
It just bums me out that they kinda short-changed Snort two, well really 3 ways:

1. by having it misconfigured during that one test you don't know if it would have detected the SYN flood..

2. They use the lack of a GUI and event correlation as a "con" at the end.. In 3 months of working on Snort they've never heard of ACID or IDS Center or DMARC or or.. Let alone SPADE? C'mon guys!! Who are they writing for?

3. If the load is a problem, you get a bigger box. <a big rousing "thank you Dr. Von Braun!"> Part of the package with an OS implementation.. they also didn't say what they ran Snort on. Did I miss that part? (BSD? Win32? Redhat? Solaris? i386?)

I have had Snort crash on me once the past 18 months, and that's running on NT4, multiple sensors (3MB internet & 100MB/switched LAN) and I think it was Windows that dropped the ball, not Snort... As soon as I become a better nixer that box will be BSD for sure.

Are they afraid of giving it too high marks and angering advertisers? Nah, that never happens.
</rant>

Just call me Jaded.

- The net admin formerly known as Joe.

Message: 1
Date: Thu, 27 Jun 2002 11:17:06 +1200
From: Jason Haar <Jason.Haar () trimble co nz>
To: snort-users () lists sourceforge net
Organization: Trimble Navigation New Zealand Ltd.
Subject: [Snort-users] Network World IDS report

http://www.nwfusion.com/techinsider/2002/0624security1.html

Good read I feel. Sums up the biggest problem with IDS today (false positives - or information overload).

Interesting to see how almost all these commercial IDS systems crashed under load... :-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Current thread:
- re: 1. Network World IDS report (Jason Haar) Joe Pampel (Jun 27)
- <Possible follow-ups>
- RE: re: 1. Network World IDS report (Jason Haar) Hicks, John (Jun 27)
- RE: re: 1. Network World IDS report (Jason Haar) Detmar Liesen (Jun 27)
