[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] Re: Snort
> How is the alertmessaging by using snort?
Umm.... not quite sure that I can answer this in the way that you
might expect :)
Snort *can* be extremely good at detecting traffic across your own
network interface. You can detect things that you didn't know about.
For example I recently detected a mis-configured SSL installation
which was supposed to pass an encrypted session over the net from the
U.S. to England. Turns out that some important part of the info
wasn't encrypted and snort showed this to me.
It can do many things that other software cannot.
However, there is a lot of academic argument over the fact that snort
- like most other security software - can be compromised. I've
discussed this with the OpenBSD people as well as quite a few Linux
people. When it works in the way that it should it is quite
reliable :) It does give out some good alerts depending on the
command line argument that you use to start it.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here