Date: Thu, 11 Jan 2001 11:25:04 +0100
From: Per Tore Larsen <per.tore.larsen@fernonorden.com>
To: "'mark.rowlands@minmail.net'" <mark.rowlands@minmail.net>, "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject: SV: Snort or Portsentry?
Message-ID: <25879E6A7E74D411B9370050043B7F3E09F844@fernonorden.com>

Thanks for your help. Looks like snort is the one I need.

PeTe

> -----Original Message-----
> From: Mark Rowlands [mailto:mark.rowlands@minmail.net]
> Sent: 10 January 2001 18:00
> To: Per Tore Larsen; 'freebsd-questions@freebsd.org'
> Subject: Re: Snort or Portsentry?
>
>
> On Tuesday 09 January 2001 20:20, Per Tore Larsen wrote:
> > Hi.
> >
> > I need a port that will monitor my firewall for possible
> > backdoor/breakins/etc and
> > found out that snort or portsentry would make this possible.
> >
> > Here's my question:
> > Will both be able to send mail when one of the rules is activated or a
> > message
> > to a windows machine that the port has detected a possible security
> > problem? Which would be the best to use?
> >
> > I'm using ipf and ipnat on FreeBSD 4.2.
> >
>
> snort can send smb messages and as with most unix like utilities, scripting
> can perform most miracles that have been omitted by the developers.
>
> Portsentry with logsentry (afaik) will send email alerts. As for smb see
> scripting.
>
> Me. I like snort, very flexible, some cool utilities around it (snortsnarf.pl
> dumps the output to a webserver for point and clicky type stuff). It has
> support for various databases, and more features are being added all the time
> and because (whisper it quietly) it has a win32 port as well.
>
> It does have a response type plugin, but I am generally a bit wary of these
> due to the possibility of a savvy miscreant exploiting it against me or
> others.
>
> as ever ymmv
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message