[Snort-users] Re: Snort-users digest, Vol 1 #80 - 3 msgs
keydet89 at ...131...
Mon Sep 4 09:17:55 EDT 2000
> 20 questions about Snort (well ok 21 :)
> Snort Survey - (please send reply to dr at ...381... with
> Snort User Base in subj.)
> (Instructions: for multiple choice on the reply,
> delete the appropriate words so
> your answer remains, multiple answers ok, for
> numeric or comment parameters
> put the value after the ":" blank/empty answers ok,
> for numeric answers if
> don't know leave blank)
> 1. What OS do you run Snort on?
> -OS: OpenBSD FreeBSD NetBSD Solaris SunOS Linux
> HP-UX AIX IRIX Tru64 MacOSX Windows BeOs
NT 4.0 SP6a
> 2. How many snort sensors do you use(#)?
> 3. How much traffic do they process per week in
> gigabytes(just number pls.)?
Not much...maybe a couple of Kb...
> 5. The fastest link you put snort on is( # in Mbps,
> .05 for dialup, 8 ADSL, 10 Cablemodem, 1000 GigE )
> 6. The fastest live traffic rate you've used snort
> on is(in Mbps, #)
> 7. The average link speed/usage I deploy snort on
> 8. The number of rules you typically
> 9. The amount of RAM in my Snorters(#, Mb):
64MB...shared with the rest of the apps.
> 10. The CPU used for Snort (Mhz, #)
Pentium II 200MHz
> 11. NIC type I like to use (e.g. 3com 3c509, Intel
> 12. Favorite thing about snort(put comment after
Excellent, configurable lightweight IDS that runs
comfortably on NT. The author does an excellent job
of keeping up with new releases of snort.
> 13. Least Favorite thing about snort(put comment
> after ":")
The author who ported snort to Win32 is busy...after
seeing a forum discussion regarding FlexResp, I
contacted him to ask him to compile support for
FlexResp into Win32-snort. He did...and sent me the
binaries zipped up...but as yet they are not publicly
available. This is most likely due to his schedule.
> 14: Future feature you need most
> 15. The next best future feature you need:
The ability to script a response, rather than being
limited to just RST packets.
> 16: Number of alerts a day you log on average:
> 17. Please describe any special or interesting
> application you may have for Snort...
> 18. Number of attackers caught successfully with
> snort (#)....
Since my EventLog doesn't exactly count as a valid
evidentiary repository, none.
> 19. Most interesting attack origin or type logged by
None. All kiddies.
> 20. Name any interesting modifications to snort you
> use locally...
I use Perl scripts on NT to archive the alerts from
the EventLog to another format. Right now, it's just
flat text. However, in the past, I have had the
script report the alerts to an HTML file, and then
used nmapNT to scan unique IP addresses with a stealth
scan of selected ports, and to get an ID on the OS.
> 21. Most common false alarm on your snort: