Snort ( http://www.snort.org ) won't cost you anything other than the time to learn it, and really no matter what kind of IDS solution you use, there is a decent learning curve to overcome.
On Mon, 13 Dec 2004 18:05:50 -0500, Kern, Tom <[EMAIL PROTECTED]> wrote: > my company is looking at getting cisco security agent for intrusion > prevention. Personally, at $60,000, I think its a bit much. > does anyone have any cheap intrusion prevention software they use out there? > or can you lockdown your desktops enough via GPO's and good AV? > > we get alot of bots lately on our network. these bots infect fully patched > boxes and start making outbound requests on ports 445 and 6667 flooding our > network to a crawl and sometimes even DOSing our firewall. > as i've said, they even infect patched pc's with fully updated AV > defs(Symantec corporate 9.0). > the attraction to cisco is that(according to cisco marketing..), an client > agent is installed which will stop the action of any unauthorized app or > service from running and alert an admin. > still, i think there's got to be a cheaper way to stop this stuff. > any ideas(or personal experience with cisco agent)? > thanks > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
