Snort mailing list archives

Re: Detecting Broadcast with Snort


From: Gene Yoo <gyoo () attbi com>
Date: Fri, 21 Feb 2003 21:55:48 -0800

Matt Kettler wrote:
Since excessive broadcasts are an ethernet layer problem (although they can be IP directed), what kind of corrective action could snort possibly take?

<snip>
snort is not an intrusion prevention system. i also would like to know if someone had configured their snort to take corrective action, i mean i get my alerts and so forth...


At 12:14 PM 2/21/2003 +0100, Ramon Barquier wrote:

Hi there

We are interested in installing Snort in our university. But we are in doubt about the capability of Snort for detecting excessive broadcast and taking some corrective action automatically. Sometimes we have excessive broadcast in our network that provokes a lot of problems.


<snip>
excessive broadcast? i think you need to look into tools like netsaint or other network monitoring tools first.

gene yoo
--
<<gyoo [at] attbi [dot] com>>




