On Mon, 10 Nov 2003, Chase Jeffery D wrote:

> Just would like to see if/when someone is trying to hack me.... 
>

So, what do you plan to do if/when someone tries to hack you? What sort of 
rules are you interested in implementing?  Are you planning to do 
real-time monitoring of your IDS (you want it to page/send e-mail/ring 
bells, etc?) or are you planning to use it as a casual thing that you 
check periodically? 

Network IDS, particularly without a properly tuned ruleset tailored to 
your specific needs, can be overwhelmingly chatty or noisy -- in terms of 
alerting. 

Speaking as someone who has been responsible for building IDS services for 
a Tier 1 network backbone for the last couple of years, I'm always a 
little skittish when people ask about network IDS. It's vastly overrated 
in terms of its ability to provide decent security. As I asked above, 
what would you do if you learned that someone had tried to hack you? 
Unless you are someone special or use a lot of IRC, odds are you are only 
going to see worm-related activity and an odd port scan or two. The 
Internet isn't nearly as interesting a place for hacking activities as 
folks would like you to believe. Unless you have something worth looking 
at. 

Unless you have a clearly defined security policy (or idea what you are 
looking for) and this is more of the "curiosity" factor, then snort is a 
very good product. You can also get DeMarc or Acid as consoles to look to 
your heart's content at a lot of mostly uninteresting data. 

Thus endeth the rant. Back to your regularly scheduled programming. 

:-)
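As an added illustration of the "chatty ruleset" point made above (example code, not part of this mailing-list thread or of Snort itself): a small Python triage script that parses lines in Snort's alert_fast output format, drops anything below a chosen priority, and counts what survives by signature and by source address. The alert lines, SIDs (9000001 and up) and addresses are constructed placeholders; the only assumption about the input is the alert_fast line layout.

```python
import re
from collections import Counter

# Snort alert_fast line layout, e.g.:
#   11/10-09:00:01.000001  [**] [1:9000001:1] MSG [**] [Classification: X] [Priority: 1] {TCP} 1.2.3.4:5 -> 6.7.8.9:10
# Ports are optional (ICMP lines have none) and the Classification block may be absent.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (documentation addresses, placeholder SIDs).
# Four worm probes from two hosts, a two-line port scan, one ping, one web hit,
# and one garbage line to show the parser skipping malformed input.
SAMPLE_ALERTS = """\
11/10-09:00:01.000001  [**] [1:9000001:1] CONSTRUCTED worm probe [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:3456 -> 198.51.100.5:135
11/10-09:00:01.000002  [**] [1:9000001:1] CONSTRUCTED worm probe [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:3457 -> 198.51.100.6:135
11/10-09:00:02.000001  [**] [1:9000001:1] CONSTRUCTED worm probe [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.11:4000 -> 198.51.100.5:135
11/10-09:00:02.000002  [**] [1:9000001:1] CONSTRUCTED worm probe [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.11:4001 -> 198.51.100.7:135
11/10-09:00:05.000001  [**] [1:9000002:1] CONSTRUCTED port scan [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:55000 -> 198.51.100.5:22
11/10-09:00:05.000002  [**] [1:9000002:1] CONSTRUCTED port scan [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 203.0.113.9:55001 -> 198.51.100.5:23
11/10-09:00:07.000001  [**] [1:9000003:1] CONSTRUCTED ICMP echo [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.9 -> 198.51.100.5
11/10-09:00:09.000001  [**] [1:9000004:1] CONSTRUCTED admin page access [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 203.0.113.44:51234 -> 198.51.100.5:80
this line is deliberately malformed and must be skipped
"""


def parse_alert(line):
    """Parse one alert_fast line into a dict, or return None if it does not match."""
    m = FAST_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["prio"] = int(d["prio"])  # Snort priorities: 1 is the most severe
    return d


def summarize(lines, min_priority=2):
    """Keep alerts with priority <= min_priority and count them by signature and source.

    Returns a dict with parse statistics and two Counters, so a reader can see at
    a glance how few distinct things a noisy alert stream actually contains.
    """
    by_signature = Counter()
    by_source = Counter()
    parsed = unparsed = kept = 0
    for line in lines:
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is None:
            unparsed += 1
            continue
        parsed += 1
        if alert["prio"] > min_priority:
            continue  # low-priority noise (scans, pings) is dropped from the summary
        kept += 1
        by_signature[alert["msg"]] += 1
        by_source[alert["src"]] += 1
    return {
        "parsed": parsed,
        "unparsed": unparsed,
        "kept": kept,
        "dropped": parsed - kept,
        "by_signature": by_signature,
        "by_source": by_source,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_ALERTS.splitlines())
    print(f"parsed={report['parsed']} kept={report['kept']} dropped={report['dropped']} unparsed={report['unparsed']}")
    for sig, n in report["by_signature"].most_common():
        print(f"{n:4d}  {sig}")
    for src, n in report["by_source"].most_common():
        print(f"{n:4d}  from {src}")
```

Run on the sample, nine raw lines collapse to two signatures from three sources once priority-3 scan and ping noise is filtered out; the same aggregation applied to a real alert file is usually the quickest way to see whether a ruleset needs tuning before anyone wires it to a pager.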

