[Snort-users] RE: How to use -A unsock option
mipam at ...266...
Mon Aug 7 03:50:14 EDT 2000
> ~ :I am running snort on win32 because I don't want to have to "dumb down" a
> ~ :Linux box to just be a snort IDS appliance with no other services. Snort
Snort is definitly not written on a m$ box. So you are dealing with
a port of snort, how good that one may be. ?? That's the first handicap
you'll encounter. Secondly, the ip stack and implementation of it in m$
stucks very big time. So go figure.
Most of all, when it comes to security and stuff like that, plz install a
real os which can do a fine job, use a bsd or even linux, it will ease you
live. And i mean, why not dedicate a machine for snort alone? That's what
i did. All incomming traffic after it came through the outer firewall will
also pass the snort machine to see what's going on. It'll run fine and do
a good job, assumed you got nice rules.
More information about the Snort-users