snort question

Discussion in 'other software & services' started by iceni60, Feb 4, 2005.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, i want to try snort. is it OK to use it with a standalone computer with kerio 2.1.5 on a ADSL PPP connexion? thanks :)
     
  2. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    can someone tell me if i can use Snort on my PC? thanks :)
     
  3. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    Snort is a network intrusion detection system which is often used to audit a system in LAN/Private Network architecture or configuration.
    But we could use it on a single PC.

    With an integrated database of attacks, Snort can datect more of them (We may use Nessus for instance) and has also the ability to sniff suspicious packets.

    If you have a little experience of network administration, it will not be difficult to use it.
    If it's not the case, you'll surely have to take an apirin for the rules and configurations ;) .

    There's others NIDS/IDS which are surely more easy to use.
    One of my favourite is Samhain which integrated a powerfull integrity checkers:

    http://la-samhna.de/samhain/

    You could also take a look on the GFI site.

    More informations:

    *An intrusion detection FAQ:

    http://www.sans.org/resources/idfaq/

    *To run Snort on Windows:

    http://www.sans.org/resources/idfaq/snort.php

    Now it's time for me to play soccer...

    Regards
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Wow, thanks kareldjag :cool: i think i'll download Samhain. i have been looking at integrity checkers the last few days, i even just downloaded fingerprint, but now i'll have alook at Samhain first. thanks for your help :)
     
  5. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Will Samhain run on windows? :doubt:
     
  6. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, Gerard :) this is from the page -
    samhain is a multiplatform, open source solution for centralized file integrity checking / host-based intrusion detection on POSIX systems (Unix, Linux, Cygwin/Windows). It has been designed to monitor multiple hosts with potentially different operating systems from a central location, although it can also be used as standalone application on a single host.
     
  7. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
  8. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  9. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Iceni60,

    I am not planning to install as long as I use XP ;)
    Cheers,

    Gerard
     
  10. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    OK, do you mean you think it isn't needed?
     
  11. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I think it is a bit overdone because you consider to install on a standalone machine. On the other hand it might be a nice tool to play with and learn a lot.

    Gerard
     
  12. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    yes, for me the main reason i wanted to install intrusion detection software was to learn abit more about networks, and i really like the sound of this one because, i need, and it has a file checker too.
     
Loading...
Thread Status:
Not open for further replies.