[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Snort (Intrusion Detection)

Subject: [ale] Snort (Intrusion Detection)
From: transam at verysecurelinux.com (Bob Toxen)
Date: Thu Mar 24 13:14:59 2005
In-reply-to: <[email protected]>
References: <1111686554.10232.8.camel@angel> <[email protected]>

On Thu, Mar 24, 2005 at 12:51:54PM -0500, Jonathan Rickman wrote:
> I do both. I run snort outside the perimeter just to see what is out
> there driving by, but I also run it locally (even on windows machines)
> with rules tailored to match the specific role/platform of that
> machine. All logs are dumped in the same place for analysis.
I agree with this when one's budget and time allows.

> --
> Jonathan
Bob


> On Thu, 24 Mar 2005 12:49:14 -0500, Jeff Hubbs <hbbs at comcast.net> wrote:
> > In practice, is Snort run *on* an Internet-facing Web server or does one
> > run Snort on a dual-homed machine *in front of* a Web server?  Can
> > anyone hold court on the subject?
> > 
> > Jeff
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

References:
- [ale] Snort (Intrusion Detection)
  - From: hbbs at comcast.net (Jeff Hubbs)
- [ale] Snort (Intrusion Detection)
  - From: jrickman at gmail.com (Jonathan Rickman)

Prev by Date: [ale] Snort (Intrusion Detection)
Next by Date: [ale] Snort (Intrusion Detection)
Previous by thread: [ale] Snort (Intrusion Detection)
Next by thread: [ale] Snort (Intrusion Detection)
Index(es):
- Date
- Thread