[lug] Re: IDS

John Hernandez John.Hernandez at noaa.gov
Tue Sep 5 12:13:50 MDT 2000

For a relatively low bandwidth link (like DSL), Snort could be useful. 
It's got some shortcomings (such as no IP defragmentation and no TCP
stream reassembly), but implements many of the features of pricey
commercial IDS's at a much lower cost (FREE!).



From: John Starkey <jstarkey at ajstarkey.com>
To: lug at lug.boulder.co.us
Subject: [lug] Intrusion Detection Software. And basic secure
Reply-To: lug at lug.boulder.co.us

I've checked out Portsentry, Hostsentry and a few (currently) more
aggressive IDS's. Anyone have any recommendations?? I would like
that's adaptive and will work several boxes with a central server. One
the site's I'm working on is a hosting deal for a fan club for a major
rock act. I'm sure it will appear to be a playground. Nice challenge in
my case :} I'm back to that adhrenaline thing.

I'm setting up a box for email and a box for www/home; what's the best
to link the two transparently (ie. NIS, etc.)



John Hernandez, Network Engineer --------------------------------------
US Department of Commerce                             tel: 303-497-6392
NOAA/OAR - Mailstop R/OM12                            fax: 303-497-6005
325 Broadway                            e-mail: John.Hernandez at noaa.gov
Boulder, CO 80303                               http://boulder.noaa.gov

More information about the LUG mailing list