Who what where IDS?
Results 1 to 8 of 8

Thread: Who what where IDS?

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    3

    Question Who what where IDS?

    Recently my boss asked me if i would like to takle on the task of implementing an IDS.
    Now, I hardly know anything about network security and it absolutely fascinates me.
    I've done some reading on some free or extremely low cost IDS solutions (being I work for a K-12 school system, and they can barely affort to pay me.) snort seems to be the most popular IDS app. I was wondering, has anyone heard of the EagleX package and what are your opinions of that package? Any input would be greatly appreciated.
    Thanks!
    -DubYah

  2. #2
    Junior Member RawGutts's Avatar
    Join Date
    Apr 2004
    Location
    Atlanta
    Posts
    3
    I would stick with good ole snort, Any unix version is great, the win32 platform is still lacking in speed in my opinion. Marty has done a fantastic job writing code for that program.
    \"\"Every day is a 0-day day on the Internet\"\"

  3. #3
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Umm, EagleX is a "box set" that includes snort, along with a gui that makes things a tad easier for a newbie to set up. I played with it a bit, but since I (currently) really have no use for it, I dumped it awhile back.

    IMHO, the learning curve was a bit stiff, but I suppose anything worth learning is the same way. Each of the individual modules (snort, mySqueal, etc ) have adequate forums that should help you muddle through.

    And it's free...so I would at least encourage you to try it out.

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    /not intending to get into the proverbial pi$$ing match but the speed of the Win32 port is not a problem at all.

    Look at it from the simple POV. As long as I see the alert in a timely fashion, and lets face it - you don't sit there watching a real time alerts 24 hours a day - then who cares about a second here or there? And in reality we are talking milliseconds.

    DubYah: I use the Win32 port on a 650 user network with 6 web sites, mail servers and FTP sites.... all the standard stuff and there is no problem whatsoever with Snort. I highly recommend Snort for anyone who wants an IDS whether they want a free one or have a million dollars to throw at an IDS. IMO, Snort stands with the best of them and the price is right on the "button".
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Snort is defenitly the way to go, it's a little hard to setup rules and what not at first, but there are some great tutorials out there. My biggest problem was I had a WAP that was blasting snmp broadcasts, about 30,000 a day. Made for some HUGE log files.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  6. #6
    Junior Member
    Join Date
    Apr 2004
    Posts
    3

    Wink

    I certainly appreciate the feedback.
    I will gather some more information on Snort and of course if and when I come to
    a brickwall, I will come to my knowledgable friends here @ AO.
    thanks again.
    -DubYah

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    DubYah, if you have some budget and want something more than just the online documentation I have found Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID by Rafeeq Rehman to be a good guide at understanding how snort works.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    http://www.antionline.com/showthread...hreadid=242664
    I wrote a tutorial on Network Based Intrusion Detection Solutions. It goes into quite a bit of detail, you might be able to take advantage of it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •