[Snort-users] LaBrea

Frank Knobbe fknobbe at ...652...
Wed Jun 5 16:31:02 EDT 2002


On Wed, 2002-06-05 at 15:54, Hugo Ferr wrote:
> I know it's out of the topic...but information on the web is very limited
> regarding the LaBrea program, and I'm just looking for someone who implemented
> it and who is able to provide some feedback, starting from "does it really
> stop scans (makes them really slow)?"..etc

I have an installation where LaBrea is running beautifully. The box is
running NT4 with FW-1 and LaBrea. It works great and slows scanners down
a bit, so that Snort (sniffing the external side) can detect them and
block them with SnortSam (running on the box). 

The only complaint is that LaBrea's logging clutters up the EventLog,
but who reads that anyway? The Eventlogs get pumped with Eventreporter
to a syslog server, and the data gets massaged and filtered there.

Regards,
Frank

