I played around with SNORT a couple of years ago and it was a very
good product.  Unless it has changed, it is only an IDS, meaning it
only detects and logs intrusions.  It doesn't stop them.  I'm not sure
about it tying into your firewall.  I know Realsecure does, but it
costs $.

Jordan


On Wed, 1 Dec 2004 10:41:56 -0500, Kern, Tom <[EMAIL PROTECTED]> wrote:
> Anyone had good experiences with snort and can you recommend it as an IDS and 
> intrusion prevention?
> I'm really getting hit hard with bots like W32.spybot.worm and 
> W32.Randex.BTB. I get these worms even being fully patched and my Symantec 
> defs are up to date. I'm looking for something cheap (read: free) to help me 
> stop these things or at least contain them.
> 
> My managers are looking into Cisco Self defending networks solution but that's 
> big $$ and might be a whole other management headache.
> 
> I was looking on some combination of our current AV (Symantec corporate 9.0) 
> and GPO and snort as some sort of solution.
> These bots are really annoying because they seem to infect even patched and 
> up to date systems and then they go out on ports 445 or 54321 or 6666 and 
> even though our firewall (watchguard) blocks these ports, enough of these 
> infected systems can DOS my firewall or bring network traffic to a crawl.
> 
> Any recommendations?
> thanks a lot
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>