On 14/04/05 09:37 -0600, Chris Moore wrote:
> Hi Riccardo,
>
> If you're looking for an open source IDS then you probably want SNORT.
> Ntop can be an extremely useful security tool, but it'd take quite a lot
> of work to turn it into an IDS.

Actually, simply looking at traffic which should not exist, or which should, is quite a useful indicator of compromise. Think of traffic from port 25 to random servers from a single non outbound MTA host. That should immediately trigger off a virus/spammer alert, regardless of whether your content analysing IDS catches it.

Devdas Bhagat

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
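
The check described in the reply above, sketched over flow records as an added example (not code from the original post or from ntop). It reads the rule as outbound connections to TCP port 25. The flow line format, the approved MTA list, the internal network and the threshold are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed site policy values (not from the original post).
APPROVED_MTAS = {"10.0.0.25"}                      # hosts allowed to send mail out
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
DISTINCT_DST_THRESHOLD = 3                         # external SMTP peers before alerting

# Constructed sample flows: "epoch src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1113490000 10.0.0.25 40112 192.0.2.10 25 tcp
1113490001 10.0.0.25 40113 198.51.100.7 25 tcp
1113490002 10.0.0.25 40114 203.0.113.9 25 tcp
1113490003 10.0.3.77 1042 192.0.2.10 25 tcp
1113490004 10.0.3.77 1043 198.51.100.7 25 tcp
1113490005 10.0.3.77 1044 203.0.113.9 25 tcp
1113490006 10.0.3.77 1045 203.0.113.200 25 tcp
1113490007 10.0.4.12 1500 10.0.0.25 25 tcp
1113490008 10.0.4.12 1501 192.0.2.80 80 tcp
1113490009 10.0.5.5 2000 192.0.2.10 25 tcp
malformed line here
"""

def parse_flow(line):
    """Return (src, dst, dst_port, proto), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        src = ipaddress.ip_address(parts[1])
        dst = ipaddress.ip_address(parts[3])
        return src, dst, int(parts[4]), parts[5].lower()
    except ValueError:
        return None

def find_rogue_smtp_senders(text, approved=APPROVED_MTAS,
                            threshold=DISTINCT_DST_THRESHOLD):
    """Map each non-MTA internal host to the external SMTP peers it contacted."""
    peers = defaultdict(set)
    for line in text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, dport, proto = rec
        if proto != "tcp" or dport != 25:
            continue                      # only SMTP is of interest here
        if src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue                      # relaying via the internal MTA is expected
        if str(src) in approved:
            continue                      # the outbound MTA is supposed to do this
        peers[str(src)].add(str(dst))
    return {h: sorted(d) for h, d in peers.items() if len(d) >= threshold}

if __name__ == "__main__":
    for host, dsts in find_rogue_smtp_senders(SAMPLE_FLOWS).items():
        print(f"ALERT {host}: direct SMTP to {len(dsts)} external servers: {dsts}")
```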
