Default Snort configuration is really paranoid. It makes Snort logs really noisy, especially with RPC stuff (NFS is a good example). But once you tune the rules themselves, it becomes manageable.

rowel

On Tue, 12 Nov 2002, Orlando Andico wrote:
> On Tue, 12 Nov 2002, Ronald Warner wrote:
> ..
> > plugmembers, what are your thoughts on having both an ids (such as
> > snort) and a firewall in the same box? is it advisable? thanks.
>
> we're doing it and it's ok.
> you might want to use "hogwash" or "guardian" so that IDS output results
> in dynamic iptables rules.
>
> the problem is that stock snort is TOO sensitive: pretty soon most of your
> ports get blocked by the paranoiac snort.

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
