
[suse-security] Re: Snort



Ruprecht

> How is the alert messaging by using snort?


Umm.... not quite sure that I can answer this in the way that you 
might expect :)

Snort *can* be extremely good at detecting traffic across your own 
network interface.  You can detect things that you didn't know about.  
For example I recently detected a mis-configured SSL installation 
which was supposed to pass an encrypted session over the net from the 
U.S. to England.  Turns out that some important part of the info 
wasn't encrypted and snort showed this to me.  

It can do many things that other software cannot.

However, there is a lot of academic argument over the fact that snort 
- like most other security software - can be compromised.  I've 
discussed this with the OpenBSD people as well as quite a few Linux 
people.   When it works in the way that it should it is quite 
reliable :)  It does give out some good alerts depending on the 
command line argument that you use to start it.


-- 
Richard
www.sheflug.co.uk
