[Snort-users] Snort vs. LIDS?

Loki loki.loa at ...56...
Tue Aug 22 03:06:40 EDT 2000


Well said.. LIDS also seems to handle individual process monitoring, whereas
SNORT doesnt really care about that as it lies outside of its focus..


----------------------------------------------------------------------
Loki [LoA]
loki.loa at ...56...

"A verse from Saint Paul stays with me. It is perhaps the strangest
passage in the Bible in which he writes: Even now in Heaven there were
angels carrying savage weapons."

----------------------------------------------------------------------
PGP Key fingerprint =  67 1D 12 BE 61 D6 63 B2  6A 8C F8 A1 80 88 1B 4
[jbrill at ...57...]# ./crack /etc/passwd > passwd.cr
[jbrill at ...57...]# su - root
[root at ...57...]#
----------------------------------------------------------------------


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Geoff the
UNIX guy
Sent: Monday, August 21, 2000 1:14 PM
To: Alderman, Sean
Cc: Snort List (E-mail)
Subject: Re: [Snort-users] Snort vs. LIDS?




Perhaps the snort developers have more to say, but I took
a quick look at LIDS and it seems they address two entirely
different needs.

LIDS seems to be more of a host based intrusion dectection/
security sanitizer application where snort is a network based
system.  That is to say, LIDS is meant to secure and monitor
individal nodes where snort is meant to analyze network
traffic for signs of intrusion.  Two different functions.

And remember... there is no rule that says you can
only use one security application.

-geoff


---------------------------------------------------
Geoff Galitz, galitz at ...247...
Research Computing
College of Chemistry, UC Berkeley
---------------------------------------------------
     The laws of physics can be a harsh mistress...
        - Bender


On Fri, 11 Aug 2000, Alderman, Sean wrote:

> I've been listening to the snort list for a few months now, and I have a
> discussion question.  I'm trying to decide what IDS package to use for
> Linux.  I've had several recommendations for both snort and LIDS, but I
> thought I'd see if anyone here might have any comments about using LIDS
over
> snort or vice versa.
>
> Thanks.
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
>



_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users






More information about the Snort-users mailing list