> Here is a good place to start regarding Suricata or Snort. > >http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
Is the free to use version of Snort going away? I scanned the page mentioned above but it seems unclear. Suricata sounds like an excellent replacement given the advanced features, but I have to say Snort is doing a fine job for us. I use the free Registered User rules and the free Emerging Threats rules, and Snort is busy blocking port scans and all kinds of activity, while not bothering/blocking our user's activity. Not that we rely solely on Snort - no unnecessary ports are listening to the web. No management ports like 22 are open. Anyway, Snort doesn’t use much cpu time for our 30 user office, and pfSense makes it (kinda) easy to use. Until Suricata arrives for pfSense, I think its fine. By the way, if you have a decent speed quad-core server with at least 8GB ram, you can easily run pfSense, Suricata, and whatever else side by side in virtual machines.
_______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list