> From: "Eric Frisch" <[EMAIL PROTECTED]>
> Date: Tue, 27 Mar 2001 09:38:29 -0500
> Content-Type: text/plain;
> charset="iso-8859-1"
> X-Priority: 3 (Normal)
> X-MSMail-Priority: Normal
> Importance: Normal
> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
> Sender: [EMAIL PROTECTED]
> Precedence: bulk
>
> Anthony David wrote:
>
> > Luca
> >
> > Now I had time to ponder this a bit more and had a look at my snort
> > database after installing snort a few days ago, do you see ntop as a
> > complimentary tool or an alternative tool to snort in a short while?
> >
>
> >From my viewpoint I don't see the rational of turning Ntop into an intrusion
> detection tool when there are other very viable alternatives like Snort out
> there. Ntop has turned into a house of cards, way too many features built
> on an unstable foundation. No version capable of running for more than a
> few minutes has been released in the past year and there are many doubts as
I think you are waekening the point with hyperbole here. There have
been significant strides made in stability on most platforms.
I have been running my last ntop for 5 days on my Slackware 7.1 distribution
and it has seen a few hundred MB of packets.
Testing at a high-volume Solaris 2.6 site will he happening shortly.
> to the accuracy of various traffic statistics. Running an IDS that dies
> every five minutes is not of much use. No stable release and no trust adds
> up to no use, no matter how pretty it looks and how many features are added.
>
> At this point I would add by taking away, pull the web interface out and run
> the app as a CGI or as a daemon that builds static pages to be served by a
> standard web server. Strip the thing down to the basics and make it
You can pull your own stats off already with the Perl plugin.
> bullet-proof. The most useful stuff is the traffic tables and accounting.
> Get that right and then tack on the other stuff in a modular and methodical
> way such that it can easily be pulled or debugged if it introduces stability
> problems.
>
> Eric
>
>
--
Anthony David | Save Ferris
Anthony David & Associates Pty Limited | Free Truman
http://adavid.com.au/ | Redeem Londo
0xA72CE1ED fingerprint = EA1E C69E FE59 BBE1 AA4B F354 BD09 9765 A72C E1ED
