----- Original Message -----
From: "rd" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 13, 2003 12:13 AM
Subject: Re: [gentoo-user] IDS

> What are you using to modify iptables after snort detects
> something bad?
>
> With ipchains, I used to use 'guardian' (available from
> link on snort web page), but have not updated it so it will
> work with iptables yet.
>
> Is your work GPL? I am sure many more experienced IDS
> users would be interested.

Since I'm a professional Perl programmer, I wrote a script for our company in Perl that reads out snort logs and creates rules for iptables. But it ain't GPL, only for internal business, sorry.

>
> -rdg
>
> --- SN <[EMAIL PROTECTED]> wrote:
> > If it's a single machine, then I'd suggest snort.
> >
> > But as I followed the thread, you don't seem to have ever
> > worked with either snort or prelude, this is bad, Gentoo's
> > preconfigured scripts suck, to get something out of it you
> > will have to reconfigure a couple of things. I have
> > set up snort on several distros, but they usually had one
> > thing in common: a bad start configuration.
> > I have written some additional scripts that add better
> > snort support for dialup users, and I have added support
> > for automatic blocking through iptables in case snort
> > detects critical attacks.
> >
> > The thing is, as someone mentioned earlier, if you don't
> > have a lot of knowledge of real attacks, network setup
> > etc. and if you are not experienced with an IDS, all you
> > will get is a load of information that you don't know how
> > to interpret.
> >
> > ----- Original Message -----
> > From: Chase Jeffery D
> > To: [EMAIL PROTECTED]
> > Sent: Monday, November 10, 2003 10:07 PM
> > Subject: RE: [gentoo-user] IDS
> >
> > single machine. This is going to be installed on my
> > firewall machine......
> >
> > -----Original Message-----
> > From: SN [mailto:[EMAIL PROTECTED]
> > Sent: Monday, November 10, 2003 3:26 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [gentoo-user] IDS
> >
> > Depends on your network, single machine or a whole
> > set of machines?
> >
> > ----- Original Message -----
> > From: Chase Jeffery D
> > To: [EMAIL PROTECTED]
> > Sent: Monday, November 10, 2003 7:48 PM
> > Subject: [gentoo-user] IDS
> >
> > Hi everyone, Just wondering what Network intrusion
> > detection software is the best. I've heard the main two
> > programs to use would be Snort or Prelude and am
> > wondering which of the two gives you more
> > flexibility (configuration) and better
> > detection/reporting?
> >
> > Thanks for your help,
> > Jeff
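
The approach mentioned in the reply above (reading Snort alerts and turning them into iptables rules) can be sketched as follows. This is an added example, not the script from the thread, which was not published. It assumes Snort's "fast" alert format, treats priority 1 as "critical", and uses a constructed log and a hypothetical NEVER_BLOCK list; because alert source addresses can be spoofed, protected hosts are never blocked.

```python
import ipaddress
import re

# Snort "fast" alert layout (assumed output mode):
# time [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{\w+\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s"
)

# Constructed sample alerts (documentation address ranges, made-up SIDs).
SAMPLE_LOG = """\
11/13-00:13:02.101010  [**] [1:1000001:1] EXAMPLE critical rule [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:40112 -> 192.0.2.10:22
11/13-00:13:05.202020  [**] [1:1000002:1] EXAMPLE ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.20 -> 192.0.2.10
11/13-00:13:09.303030  [**] [1:1000001:1] EXAMPLE critical rule [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:40113 -> 192.0.2.10:22
11/13-00:13:11.404040  [**] [1:1000003:1] EXAMPLE spoofed source [**] [Classification: Misc Attack] [Priority: 1] {UDP} 192.0.2.1:53 -> 192.0.2.10:1434
11/13-00:13:15.505050  [**] [1:1000003:1] EXAMPLE worm probe [**] [Classification: Misc Attack] [Priority: 1] {UDP} 198.51.100.99:1052 -> 192.0.2.10:1434
11/13-00:13:18.606060  [**] [1:1000003:1] EXAMPLE bad address [**] [Classification: Misc Attack] [Priority: 1] {UDP} 999.1.1.1:1052 -> 192.0.2.10:1434
snort restarted
"""

# Assumption: loopback and the local network (gateway, DNS) must never be blocked.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]


def block_rules(log_text, max_priority=1, never_block=NEVER_BLOCK):
    """Return one iptables argv list per offending source address."""
    rules, seen = [], set()
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > max_priority:
            continue  # not an alert line, or not critical enough to block
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # e.g. 999.1.1.1: never pass unvalidated text to iptables
        if src in seen or any(src in net for net in never_block):
            continue  # already handled, or an alert naming a protected host
        seen.add(src)
        # argv list (no shell), ready for subprocess.run(rule, check=True) as root
        rules.append(["iptables", "-I", "INPUT", "-s", str(src), "-j", "DROP"])
    return rules


if __name__ == "__main__":
    for rule in block_rules(SAMPLE_LOG):
        print(" ".join(rule))
```

Rules inserted this way accumulate until removed, so a real deployment also needs an expiry step that deletes old entries.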
