> Because of NDA, I cannot *name* the network where I was a part of the team > installing and maintainting SNORT on a large network, but I can tell you > that this network is one of the top tier-1 NSPs. I can tell you that > SNORT is the sole such product chosen for this purpose, and that it works > better than we could have possibly hoped for. last I looked, SNORT was > being used on circuits as large as OC12s.
well it wouldnt be good to name those anyway as you dont know how many snort 0-days exist and the next time something goes public could mean that those networks are targeted first. afterall its up to you, i just thought i give you guys this hint. its never a good idea to make such information public, thats why many people fake their daemon versions, or dont show them at all. -sk Http://www.groundzero-security.com ----- Original Message ----- From: "J.A. Terranson" <[EMAIL PROTECTED]> To: "Native.Code" <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Friday, December 09, 2005 6:13 PM Subject: Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprisenetwork > > On Fri, 9 Dec 2005, Native.Code wrote: > > > Is Snort enterprise ready where it can be deployed to monitor > > mission-critical network? > > Yes. It is, and has been for some time. > > > If any of you can name any big network which is using Snort as an example, > > it will be very helpful. > > Because of NDA, I cannot *name* the network where I was a part of the team > installing and maintainting SNORT on a large network, but I can tell you > that this network is one of the top tier-1 NSPs. I can tell you that > SNORT is the sole such product chosen for this purpose, and that it works > better than we could have possibly hoped for. last I looked, SNORT was > being used on circuits as large as OC12s. > > The problem isn't going to be your sensor (SNORT et al), but your back end > software - *that* part is a bitch! > > > -- > Yours, > > J.A. Terranson > [EMAIL PROTECTED] > 0xBD4A95BF > > > I like the idea of belief in drug-prohibition as a religion in that it is > a strongly held belief based on grossly insufficient evidence and > bolstered by faith born of intuitions flowing from the very beliefs they > are intended to support. > > don zweig, M.D. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
