On 14/04/05 09:37 -0600, Chris Moore wrote:
> Hi Riccardo,
>  
> If you're looking for an open source IDS then you probably want SNORT.
> Ntop can be an extremely useful security tool, but it'd take quite a lot
> of work to turn it into an IDS.

Actually, simply looking at traffic which should not exist, or which
should, is quite a useful indicator of compromise.

Think of traffic from port 25 to random servers from a single
non-outbound MTA host. That should immediately trigger off a virus/spammer
alert, regardless of whether your content-analysing IDS catches it.

Devdas Bhagat
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
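
The check described in the reply above, as an added example that is not part of the original thread: it scans flow records for internal hosts that are not designated outbound MTAs yet open SMTP sessions to several distinct external servers. The record layout, addresses, allowlist and threshold are constructed assumptions, and "SMTP traffic" is taken here to mean TCP flows with destination port 25.

```python
import ipaddress
from collections import defaultdict

# Assumptions (constructed for this example, documentation address ranges):
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
OUTBOUND_MTAS = {ipaddress.ip_address("192.0.2.25")}  # only host allowed to send mail out
SMTP_PORT = 25
MIN_DISTINCT_DESTS = 3  # "random servers": several different destinations

# Constructed flow records: "src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
192.0.2.25 41000 198.51.100.10 25 tcp
192.0.2.25 41001 203.0.113.7 25 tcp
192.0.2.25 41002 198.51.100.99 25 tcp
192.0.2.77 50310 198.51.100.10 25 tcp
192.0.2.77 50311 203.0.113.7 25 tcp
192.0.2.77 50312 203.0.113.200 25 tcp
192.0.2.77 50313 198.51.100.45 25 tcp
192.0.2.40 51000 192.0.2.25 25 tcp
192.0.2.40 51001 198.51.100.80 443 tcp
192.0.2.60 52000 203.0.113.9 25 tcp
"""

def parse_flows(text):
    """Yield (src, dst, dst_port, proto) tuples, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        src, _sport, dst, dport, proto = fields
        try:
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto
        except ValueError:
            continue

def unexpected_smtp_senders(text, min_dests=MIN_DISTINCT_DESTS):
    """Map each non-MTA internal host to the external SMTP servers it contacted."""
    dests = defaultdict(set)
    for src, dst, dport, proto in parse_flows(text):
        if proto != "tcp" or dport != SMTP_PORT:
            continue
        if src not in INTERNAL_NET or src in OUTBOUND_MTAS:
            continue  # the designated MTA is expected to talk SMTP outbound
        if dst in INTERNAL_NET:
            continue  # a client handing mail to the local relay is expected
        dests[src].add(dst)
    return {str(s): sorted(str(d) for d in ds)
            for s, ds in dests.items() if len(ds) >= min_dests}

if __name__ == "__main__":
    for host, servers in unexpected_smtp_senders(SAMPLE_FLOWS).items():
        print(f"ALERT {host}: SMTP to {len(servers)} external servers: {', '.join(servers)}")
```

Lowering `min_dests` to 1 also surfaces hosts with a single direct outbound SMTP connection, at the cost of more noise.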
