What is better at IDS: WinSnort (here) or Snort (here)?
Also does anyone know of good setup/usage tutorials for Snort on Windows XP?
Have you read the FAQs on the WinSnort page?
Yep read the page. You will find there is ONLY ONE, Padawan.
Actually if you walk into Borders or Barnes and Noble, the SNORT 2.0 book will be right there on the shelf. The 2.1 version is out, but here is the info on 2.0:
Snort 2.0 Intrusion Detection
Paperback: 523 pages
Publisher: Syngress; 1 edition
ISBN: 1931836744
And someone just sold it on eBay for $6.
:)
Thanks, but which is better WinSnort or Snort? And is the Snort book for Linux OS or any?
J_K9
Covers both.
http://www.amazon.com/exec/obidos/AS...roduct-details
Read the reviews.
Not to be rude, but ya think you can take 5 minutes and look it up yourself?
They are the same bloody thing...... except this site is clearly more pro WinX yet it still has the binaries for *nix etc.
Snort is a *nix tool that has been ported to Win32. As such the ways of handling it and receiving/seeing its output can differ a little. This site is just more dedicated to the Windows versions.
BTW, the FAQs don't tell you a thing that the FAQs and docs at www.snort.org don't.
Thanks, and sorry MrCoffee, I've just been having a bad day! :o
Much of the "which is better" question is answered by stating which is your preferred OS?
I use SNORT/Linux, and it performs perfectly. So I can tell you that the nix version runs well.
If your preferred OS is Windows however, then there's your answer -- use WinSnort.
- aftiel
As has been said, it's the same thing, just two different platforms, and they are both utterly useless (in an IDS sense) unless you monitor them, keep them updated, and have procedures in place to deal with what happens when you find something; otherwise you just get a box that runs out of HD space very quickly...
Of course if you just want to run it at home then don't worry so much about the procedures, but do keep in mind that you need to monitor it.