What are you using to modify iptables after snort detects something bad? With ipchains, I used to use 'guardian' (available from link on snort web page), but have not updated it so it will work with iptables yet.
Is your work GPL? I am sure many more experienced IDS users would be interested.

-rdg

--- SN <[EMAIL PROTECTED]> wrote:
> If it's a single machine, then I'd suggest snort.
>
> But as I followed the thread, you don't seem to have ever
> worked with either snort or prelude, this is bad, Gentoo's
> preconfigured scripts suck, to get some out of it you
> will have to reconfigure a couple of things. I have
> set up snort on several distros, but they usually had one
> thing in common: a bad start configuration.
> I have written some additional scripts that add better
> snort support for dialup users, and I have added support
> for automatic blocking through iptables in case snort
> detects critical attacks.
>
> The thing is, as someone mentioned earlier, if you don't
> have a lot of knowledge of real attacks, network setup
> etc. and if you are not experienced with an IDS, all you
> will get is a load of information that you don't know how
> to interpret.
>
> ----- Original Message -----
> From: Chase Jeffery D
> To: [EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 10:07 PM
> Subject: RE: [gentoo-user] IDS
>
> single machine. This is going to be installed on my
> firewall machine......
>
> -----Original Message-----
> From: SN [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 3:26 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [gentoo-user] IDS
>
> Depends on your network, single machine or a whole
> set of machines?
>
> ----- Original Message -----
> From: Chase Jeffery D
> To: [EMAIL PROTECTED]
> Sent: Monday, November 10, 2003 7:48 PM
> Subject: [gentoo-user] IDS
>
> Hi everyone, Just wondering what Network intrusion
> detection software is the best. I've heard the main two
> programs to use would be Snort or Prelude and am
> wondering which of the two gives you more
> flexibility (configuration) and better
> detection/reporting?
>
> Thanks for your help,
> Jeff
