[Snort-users] alerting admin via email or sms

Jan Muenther jan at ...206...
Mon Oct 30 08:01:34 EST 2000


>         Just my $0.02, but are you sure you really want to do that?  Next
> time a newbie script kiddie points his copy of Nessus (or any other
> similarly noisy scanning tool) at one of your boxes (or you accidentally
> put in a rule that catches a lot more than you wanted (as I've done to
> myself more than once :) ), you're e-mail inbox will be thouroughly
> mailbombed, and/or your SMS provider will get a kick out of the surcharges
> you'll rack up from the message flood it will cause. (not to mention the
> fact that your IDS box will get heavily loaded trying to generate all
> those e-mail's/SMS messages).

That, of course, is very true indeed. Still, with host-based IDS,
it's somewhat different IMHO. At least I get paged when somebody
tampers with my hosts. 

Cheers, jan

Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther at ...206...

More information about the Snort-users mailing list