Greg, I've been using snort + DEMARC for about a year now. Once configured, it works beautifully.
http://www.demarc.org/ Regards, Jason -----Original Message----- From: leon [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 7:10 AM To: 'Greg' Cc: [EMAIL PROTECTED] Subject: RE: Network based intrusion detection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What about snort and using something like acid? Cheers, Leon - -----Original Message----- From: Greg [mailto:[EMAIL PROTECTED]] Sent: Monday, January 07, 2002 2:46 PM To: [EMAIL PROTECTED] Subject: Network based intrusion detection I was wondering what everyone is doing for network based intrusion detection? I am looking for something I can use on a University based system with approximately 15000 nodes with various flavors of Unix, Linux, Windows, Mac, etc. I do have access to the logs of all incoming traffic (Cisco netflow). Does anyone have any scripts they use to analyze the logs, ar know of any products that will do this? Thanks in advance for any help. Greg -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPD2uzNqAgf0xoaEuEQLDoACeJ8Gf20t8U1YwgnjKUw7NmLChVgIAmgIs gq0NxE/6wuJm1PGWyJf3nM94 =hiG0 -----END PGP SIGNATURE-----
