Tue Mar 20 14:23:24 EST 2001

>If Solaris 8 counts as an open source solution .. go download :) I don't
>have that much SMP clue on Linux/BSD, so I can't tell ... AFAIK, you
>can't get much more flexibility unless you go for a box that can be
>partitioned (and don't forget to tell me where I can apply for a job if
>your manager approves it as an IDS ;))

Hehehe! nah, I think I will go for a real open source solution... like
Windows 2000 Advanced Server (someone said this will work there ;););)

Seriously, I prefer the OpenBSD platform but I get to carve around in
Solaris anyway, because that is what management types usually buy.

Actually I wouldn't be too surprised if [insert any kind of wild/ridiculous]
solution was approved here... But I doubt you'd like to relocate to *cold*
*cold* Stockholm though ;). Salaries in Sweden are comparatively low and tax
is HIGH as well ;(

>> I agree with you there... What would be kind of practical is a pretty good
>> single or dual processor box with a quad card that could monitor up to four
>> low traffic nets... SnortNet in a box ;)
>Depends. I like to keep sensors separate from analysis boxes, so I'd go
>for a distributed setup if you can.

What I really was thinking primarily of here was a 4 port sensor only box
which in turn would send data to a db (anyone tried that?). I think I will
go and dig up a quad card and try it in the lab some day (maybe next century
or whenever I get some free time).

I continue to agree according to the well tried principle of keep it simple
(stupid)... But nevertheless we always get all kinds of crap to resolve and
play around with (which seldom hurts).
And yes, all my Snort setups are pretty normal ;) (and work remarkably well
n stable!)

Thanks for the input.


