snort question

hi, i want to try snort. is it OK to use it with a standalone computer with kerio 2.1.5 on a ADSL PPP connexion? thanks

 

can someone tell me if i can use Snort on my PC? thanks

 

Hi,

Snort is a network intrusion detection system which is often used to audit a system in LAN/Private Network architecture or configuration.
But we could use it on a single PC.

With an integrated database of attacks, Snort can datect more of them (We may use Nessus for instance) and has also the ability to sniff suspicious packets.

If you have a little experience of network administration, it will not be difficult to use it.
If it's not the case, you'll surely have to take an apirin for the rules and configurations .

There's others NIDS/IDS which are surely more easy to use.
One of my favourite is Samhain which integrated a powerfull integrity checkers:

http://la-samhna.de/samhain/

You could also take a look on the GFI site.

More informations:

*An intrusion detection FAQ:

http://www.sans.org/resources/idfaq/

*To run Snort on Windows:

http://www.sans.org/resources/idfaq/snort.php

Now it's time for me to play soccer...

Regards

 

Wow, thanks kareldjag i think i'll download Samhain. i have been looking at integrity checkers the last few days, i even just downloaded fingerprint, but now i'll have alook at Samhain first. thanks for your help

 

Will Samhain run on windows?

 

hi, Gerard this is from the page -
samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as standalone application on a single host.

 

Thanks Ice,

I found this link in the meantime:

http://la-samhna.de/samhain/HOWTO-samhain-on-windows.html

Cheers,

Gerard

 

looks good, are you thinking of installing it too?

 

Iceni60,

I am not planning to install as long as I use XP
Cheers,

Gerard

 

OK, do you mean you think it isn't needed?

 

I think it is a bit overdone because you consider to install on a standalone machine. On the other hand it might be a nice tool to play with and learn a lot.

Gerard

 

yes, for me the main reason i wanted to install intrusion detection software was to learn abit more about networks, and i really like the sound of this one because, i need, and it has a file checker too.