[Snort-users] Use Snort to document usage?

Madhav Diwan mdiwan at ...200...
Sun Oct 14 19:41:02 EDT 2001


Interesting idea .. but I would leave the Snort IDS to run
IDS detection..

You could conceivably create rules that log source and destination
activity to and from a particular IP or IP-range in snort.. BUT, why
bother when a tool such as ntop already does all this and more ..

My suggestion:

Try ntop to monitor the traffic stats.. and create general policy based
on its results: that's what it was made for.

Then use snort to fine tune your firewall.. THAT is a very good reason
to use an IDS.


Madhav Diwan



Rich Adamson wrote:

> I'm looking for a realistic way to identify communications to/from
> a small set of systems that share a single ethernet segment, and use
> that usage data to install/configure a firewall.  These critical
> systems will be isolated behind a firewall, however before installing
> the firewall I'd like to identify/document all current activity and
> configure the initial firewall rules to support appropriate usage.
> The systems are AIX, X11, IP, etc.
>
> I can certainly use Sniffers to monitor activity over some lengthy
> period of time, however I'm wondering if snort might be able to
> accomplish the task in some manner.
>
> Thoughts???
>
> Rich
