[Snort-users] re: 1. Network World IDS report (Jason Haar)

Joe Pampel joe at ...3851...
Thu Jun 27 07:29:04 EDT 2002

Thanks for the heads up Jason!

uh oh.. feel a rant coming on!

It just bums me out that they kinda short-changed Snort two, well really 3 ways:
1. by having it misconfigured during that one test you don't know if it would have detected the SYN flood.. 
2. They use the lack of a GUI and event correlation as a "con" at the end.. In 3 months of working on Snort
they've never heard of ACID or IDS Center or DMARC or or.. Let alone SPADE? C'mon guys!! Who are they writing
3. If the load is a problem, you get a bigger box. <a big rousing "thank you Dr. Von Braun!"> Part of the package with an OS implementation.. they also didn't say what they ran Snort on. Did I miss that part? (BSD? Win32? Redhat? Solaris? i386?) I have had Snort crash on me once the past 18 months, and that's running on NT4, multiple sensors (3MB internet & 100MB/switched LAN) and I think it was Windows that dropped the ball, not Snort... As soon as I become a better nixer that box will be BSD for sure.

Are they afraid of giving it too high marks and angering advertisers? Nah, that never happens. 

Just call me Jaded.

- The net admin formerly known as Joe.

Message: 1
Date: Thu, 27 Jun 2002 11:17:06 +1200
From: Jason Haar <Jason.Haar at ...294...>
To: snort-users at lists.sourceforge.net 
Organization: Trimble Navigation New Zealand Ltd.
Subject: [Snort-users] Network World IDS report


Good read I feel. Sums up the biggest problem with IDS today (false
positives - or information overload).

Interesting to see how almost all these commercial IDS systems crashed under
load... :-)


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
