[Snort-users] Looking for a prebuilt Snort IDS Distro

Pak Chan brightlilim at ...11827...
Sat Sep 22 08:36:28 EDT 2012


Sorry, that was really badly phrased. I meant to say that I haven't
discovered all of what it can do yet, so can't comment on its capabilities
or lack thereof. I'm still in the process of configuring it (and will be
for a while, mixed in with other work). I also haven't decided if I want to
have it as an inline sensor/network filter (can it filter as well as
sense?) or just an out-of-band sensor.

I'll also need to see about configuring it to ignore certain IP addresses
occasionally (for targeted penetration tests, etc.), which I've not looked
into yet.

So, I might as well ask the questions: can I use SO as a network filter,
and can I configure it to allow pen tests on servers without triggering
massive amounts of alerts?

Pak
"Build a fire for a man, and he'll be warm for a day. Set a man on fire,
and he'll be warm for the rest of his life."
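On the "can it filter as well as sense?" question, the answer for Snort itself (independently of how Security Onion wraps it, which the thread does not cover) is yes: Snort runs inline when started with -Q on an inline-capable DAQ, and rules with the drop action then block traffic. The fragment below is an added illustration, not configuration from the thread or from Security Onion; the interface names, the rule and its sid are assumptions.

```conf
# snort.conf excerpt (Snort 2.9). Added example; eth1/eth2, the rule and
# its sid are assumptions for illustration.
#
# Inline mode needs an inline-capable DAQ and -Q, e.g. bridging two
# interfaces so the sensor sits in the forwarding path:
#   snort -Q --daq afpacket -i eth1:eth2 -c /etc/snort/snort.conf
# Without -Q Snort stays passive (SPAN port or tap) and cannot drop.
config policy_mode:inline
# To rehearse first: inline_test logs what would have been dropped
# without enforcing it, so a bad rule cannot take the segment down.
# config policy_mode:inline_test

# The drop action blocks the matching packet only in inline mode; in
# passive mode the same rule just alerts, so a ruleset can be proven on
# the out-of-band sensor before the cutover to inline.
drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"LOCAL WEB cmd.exe in URI"; flow:to_server,established; content:"/cmd.exe"; nocase; http_uri; classtype:web-application-attack; sid:1000010; rev:1;)
```

The operational caveat is that an inline sensor is now a network device: a crashed or overloaded Snort process becomes an outage rather than a blind spot, so the inline_test rehearsal and a bypass plan for the bridged interfaces matter more than the rule syntax.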


On 21 September 2012 23:09, Jeremy Hoel <jthoel at ...11827...> wrote:

> Out of curiosity, what does SO not do for you?
> On Sep 21, 2012 5:33 PM, "Pak Chan" <brightlilim at ...11827...> wrote:
>
>> That may be true, but there are people who just need an IDS, and having
>> an easy-to-use IDS appliance (which is effectively what a distro is, or
>> should be) will help that. Most people won't delve into the code to
>> understand how it works underneath, in the same way that most people just
>> purchase and install firewalls without understanding how they work. It
>> means they won't get the best out of it, but it's a great deal better than
>> if they didn't have one at all.
>>
>> Personally, I'm in that situation at the moment. The last time I looked
>> at an IDS was one I had helped to build about ten years ago, and it was so
>> primitive compared to the capabilities modern ones have. I'm getting back
>> into it again, and finding myself short on time to learn about the
>> fundamentals, I've decided to go for the SecurityOnion distro. It doesn't
>> satisfy everything I want (yet), but that's down to my lack of experience
>> in tweaking it. I'll get better as I learn more about it, but I don't want
>> to be exposed in the meantime. I'll settle for less-than-ideal in the short
>> term.
>>
>> Pak
>> "Build a fire for a man, and he'll be warm for a day. Set a man on fire,
>> and he'll be warm for the rest of his life."
>>
>>
>> On 21 September 2012 17:51, PR <oly562 at ...11827...> wrote:
>>
>>> ps. it shouldn't matter what distro, unix/linux, it's nix, prebuilt? that
>>> means, no real configuring at the beginning, therefore, you will not
>>> learn how it works, where it is, how it can be tweaked, unless you are a
>>> wizard. not to say you can't figure it out, it just means, you will have
>>> less knowledge about how it works at the core.
>>>
>>> On Fri, 2012-09-21 at 13:14 +0000, Turnbough, Bradley E. wrote:
>>> >
>>> > From: Jaime Nebrera [mailto:jnebrera at ...11827...]
>>> > Sent: Friday, September 21, 2012 2:51 AM
>>> > To: snort-users at lists.sourceforge.net
>>> > Subject: Re: [Snort-users] Looking for a prebuilt Snort IDS Distro
>>> >
>>> > On 20/09/12 15:26, Turnbough, Bradley E. wrote:
>>> >
>>> > I’m looking for a prebuilt Snort IDS distro, preferably based on the
>>> > CentOS 6 series. Any suggestions?
>>> >
>>> > I’d like it to have (at a minimum):
>>> >
>>> > Snort
>>> > Barnyard 2
>>> > Snorby
>>> > MySQL
>>> >
>>> >   Hi Bradley,
>>> >
>>> >   I would suggest redBorder.net
>>> >
>>> >   It contains Snort, Barnyard 2, Snorby (for event management) and
>>> > MySQL. Besides those, you have a very powerful rule manager, config
>>> > system and SNMP monitoring as an extension of Snorby and performance
>>> > enhancements on the Snort side.
>>> >
>>> >   It is free for registered users and under an open source license.
>>> >
>>> > Exactly what I was looking for… Thanks Jamie!
>>> >
>>> > This e-mail transmission contains information that is confidential and
>>> > may be privileged. It is intended only for the addressee(s) named
>>> > above. If you receive this e-mail in error, please do not read, copy
>>> > or disseminate it in any manner. If you are not the intended
>>> > recipient, any disclosure, copying, distribution or use of the
>>> > contents of this information is prohibited. Please reply to the
>>> > message immediately by informing the sender that the message was
>>> > misdirected. After replying, please erase it from your computer
>>> > system. Your assistance in correcting this error is appreciated.
>>> >
>>> > ------------------------------------------------------------------------------
>>> > Got visibility?
>>> > Most devs has no idea what their production app looks like.
>>> > Find out how fast your code is with AppDynamics Lite.
>>> > http://ad.doubleclick.net/clk;262219671;13503038;y?
>>> > http://info.appdynamics.com/FreeJavaPerformanceDownload.html
>>> > _______________________________________________
>>> > Snort-users mailing list
>>> > Snort-users at lists.sourceforge.net
>>> > Go to this URL to change user options or unsubscribe:
>>> > https://lists.sourceforge.net/lists/listinfo/snort-users
>>> > Snort-users list archive:
>>> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>> >
>>> > Please visit http://blog.snort.org to stay current on all the latest
>>> > Snort news!
>>>
>>>
>>
>>
>
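Pak's second question, keeping an authorised penetration test from burying the alert queue, has two halves in Snort 2.9 terms: suppress the events for the tester's source addresses at the sensor (or exclude them with a BPF), and, for alerts already logged, separate the tester's activity from everything else by address and engagement window rather than by discarding the whole period. The script below is an added example for both halves; it is not Security Onion or Snort code. The networks, time window, rule sids and alert_fast log lines are constructed for illustration, and the bracketed IP-list form in the suppress line is assumed to follow Snort's ipvar syntax.

```python
"""Scope an authorised penetration test out of Snort alerts.

Added example; not Security Onion or Snort code. It (1) emits Snort 2.9
`suppress` lines (threshold.conf syntax) and a BPF exclusion for the
tester's addresses, and (2) splits an alert_fast log into alerts from the
tester inside the engagement window and everything else, so the remainder
is still reviewed. Networks, window, sids and log lines are constructed.
"""
import ipaddress
import re
from datetime import datetime

# Hypothetical engagement scope (assumption, not from the thread).
PENTEST_NETS = [ipaddress.ip_network("10.0.0.0/29"),
                ipaddress.ip_network("192.0.2.77/32")]
# Authorised window. alert_fast timestamps carry no year, so it is passed in.
WINDOW = (datetime(2012, 9, 22, 8, 0), datetime(2012, 9, 22, 18, 0))

# Snort 2.x alert_fast record (IPv4 only; the port is absent for ICMP).
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[^\s:]+)(?::\d+)?\s+->\s+(?P<dst>[^\s:]+)(?::\d+)?\s*$"
)

# Constructed sample log; sids are in the local (1000000+) range.
SAMPLE_LOG = """\
09/22-08:36:28.123456  [**] [1:1000001:1] LOCAL WEB test string in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:44321 -> 192.168.1.10:80
09/22-08:40:02.000001  [**] [1:1000002:1] LOCAL SCAN many SYNs to one host [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.9:51000 -> 192.168.1.22:22
09/22-19:05:11.000002  [**] [1:1000001:1] LOCAL WEB test string in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:44400 -> 192.168.1.10:80
09/22-09:12:00.000003  [**] [1:1000003:1] LOCAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.77 -> 192.168.1.10
this line is not an alert_fast record
"""


def parse_fast(line, year):
    """Parse one alert_fast line into a dict, or None if it does not match."""
    m = FAST_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S"),
        "gid": int(m["gid"]), "sid": int(m["sid"]), "msg": m["msg"],
        "proto": m["proto"],
        "src": ipaddress.ip_address(m["src"]),
        "dst": ipaddress.ip_address(m["dst"]),
    }


def in_scope(rec, nets=PENTEST_NETS, window=WINDOW):
    """True when the source is a tester address and the time is inside the
    window. Only the source is matched: traffic aimed *at* the tester from
    anywhere else still counts as a real alert."""
    start, end = window
    return any(rec["src"] in n for n in nets) and start <= rec["ts"] <= end


def split_alerts(lines, year=2012, nets=PENTEST_NETS, window=WINDOW):
    """Return (kept, scoped_out, unparsed). Unparseable lines are reported,
    not dropped, so a log-format change cannot silently hide alerts."""
    kept, scoped, unparsed = [], [], []
    for line in lines:
        rec = parse_fast(line, year)
        if rec is None:
            unparsed.append(line)
        elif in_scope(rec, nets, window):
            scoped.append(rec)
        else:
            kept.append(rec)
    return kept, scoped, unparsed


def suppress_lines(sids, nets=PENTEST_NETS):
    """Snort `suppress` entries, one per (gid, sid): the event is not logged
    when the source is in the tester nets, but the packets are still
    inspected, so the same rule keeps firing for every other source.
    Bracketed IP list as in ipvar (assumption: verify on your version)."""
    iplist = "[" + ",".join(str(n) for n in nets) + "]"
    return [f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {iplist}"
            for gid, sid in sids]


def bpf_exclude(nets=PENTEST_NETS):
    """BPF that drops the tester's packets before Snort sees them (snort -F
    <file>). Cheaper than suppress, but the pcap record of what they did
    is lost too, which is usually the wrong trade for a pentest."""
    terms = [f"host {n.network_address}" if n.prefixlen == n.max_prefixlen
             else f"net {n}" for n in nets]
    return "not (" + " or ".join(terms) + ")"


if __name__ == "__main__":
    kept, scoped, unparsed = split_alerts(SAMPLE_LOG.splitlines())
    print(f"{len(kept)} alerts to review, {len(scoped)} attributed to the "
          f"pentest, {len(unparsed)} unparsed")
    for rec in kept:
        print(f"  review: {rec['ts']} sid {rec['sid']} {rec['src']} -> "
              f"{rec['dst']} {rec['msg']}")
    print("\n".join(suppress_lines([(1, 1000001), (1, 1000003)])))
    print(bpf_exclude())
```

Two points the code is built around: the third sample alert comes from a tester address but after the window closed, so it stays in the review pile, because a source address alone is not proof that the activity was the engagement; and suppress is preferred over BPF because it hides the tester's noise from the console while the sensor still inspects and records what they did, which is the evidence the report will later be checked against.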