June 17th, 2002, 02:02 PM
Well im new to antionline and id like to start here by asking 1 question. At work I want to set up a IDS most likely snort or sumthin like this but I want it to message me when there is anything detected such as a single port probe (netcat) - all the way to a massive GUI forced port scan (sumthin like nessus or iss internet scanner). How can this be set up? does it send an email? all the help you guys can give is much appreciated.
thanks in advanced
June 17th, 2002, 02:33 PM
You can set it up lots of ways... I have seen it send email, IM through AIM, pager, cell phone, home phone, etc etc. All depends on the program you are using, and your hardware. One of the best setups I have seen would send email on things like a scan, but page/call if it caught an actual intrusion.
Well, I haven't done it, so someone else will have to help you out there. I believe with snort, you can use a couple of plugins to do it, and you can set different notification levels to do different things.
\"Ignorance is bliss....
but only for your enemy\"