View Poll Results: is it bad if someone gets your dns
- 20. You may not vote on this poll
not a security threat
December 26th, 2003 07:20 PM
Thanks nebulus. I'll give the folks at ISS a call on Monday to find out what's up.
Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
December 26th, 2003 07:45 PM
Yeah, we were extremely displeased with ISS and their sudden announcement. It is very poor to out of the blue drop support for something that is being released even to this moment. I suspect they are trying to force everyone to go to their Proventia servers.
I also suspect we are going to tell them to take their 500 sensor license and the two scanner licenses and shove it where the sun don't shine...
Hmm...that pun wasn't intentional but it works for me
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
January 13th, 2004 04:32 PM
My vote would have to go with Snort
-Supports both Windows and *NIX systems
-Easily deployed on a small network
-Tough to deploy on a large network
-Writing rules may seem daunting at first for n00bs
As you can see, the pros in my mind seem to outweigh the cons. My vote goes with Snort
Happy BHH (Black Hat Hunting) and Happy WHH (White Hat Hacking)
January 13th, 2004 05:23 PM
Might have been good to have an "Others" option. I've been recently doing some work/testing on Prelude, new "hybrid" IDS.
January 13th, 2004 05:35 PM
Snort!!! with PureSecure
This can be true but I use it with Demarc's Puresecure as a front end (and HID). A central managment console with control over all the sensors and displayed in a nice gui makes snort better than anything out there. And the fact that it is all free makes it even better.
Originally posted here by nebulus200
Snort -- Good all around IDS with the price being right. If I was running a small network, this is what I would use, in one form or another. It, at the moment, does not scale well though and if you are in an environment where you would deploy say a few hundred sensors, you can pretty much forget about snort, unless you have megaworkers to keep it running.
That which does not kill me makes me stronger -- Friedrich Nietzche
January 20th, 2004 07:59 PM
Dragon for host. not too impressed with ISS for net since so many false positives.
June 4th, 2005 05:47 PM
i'm still testing Prelude IDS ...huh ..tough man !!
June 4th, 2005 11:13 PM
Please do not bump a one-year six month old thread.
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
June 19th, 2005 02:59 AM
My vote would go to the Netscreen/Juniper IDP - very easy to set up out of the box, not too expensive, very good support from Juniper providing you purchase the support contract. It can be easily set up to send log files to a management server running either Solaris or Redhat. I have previously used the Cisco IDS and compared to the Juniper IDP it was a real pain to manage and track the logs.
June 19th, 2005 03:03 AM
Like other great minds have stated snort all the way. www.snort.org