[Snort-users] General Question on Snort Use

jeff at ...430... jeff at ...430...
Fri Jan 19 21:56:05 EST 2001


The value of an intrusion detection system is that it helps you see what 
traffic is being directed at your system or network of systems.  To determine
whether or not snort is of value to you, you should consider whether or not 
you want to know about some of the not-so-nice things people do on the Internet
these days.  Also, there is a bit of a learning curve needed to determine
exactly what the alerts you're looking at actually mean.

When some people turn on an IDS for the first time, they experience what
we call X-Files syndrome.  That is, they think the entire world is trying
to hack their system.  Relax, you're not the target of a conspiracy... you're
just seeing all the things you weren't seeing before.

-Jeff


> I have a home cable connection and want to make sure my machine
> is protected.  I don't intentionally run any servers.  The only process
> that is running that might be a matter of concern is sendmail which says
> it is accepting connections on port 25.  I'm not even sure if I need this
> running except that I think my redhat up2date application won't work if I
> disable it.
> Anyway, I am currently running portsentry.  My question is: Is there any
> value to me, given my setup, of trying to install and figure out the rules
> for configuring snort? Or, is snort mainly for installations running ftp,
> telnet, etc. servers?


-- 
http://jeff.wwti.com	 	(pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen."
- Albert Einstein 



