From owner-freebsd-questions Wed May 3 16:53:56 2000
Date: Wed, 3 May 2000 16:51:51 -0700 (PDT)
From: "Jon O @ kc"
To: John.VanHouten@hurlburt.af.mil
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Question: Best IDS?
In-Reply-To: <856532CB07BED3118FE300204840E28ACE4483@vexwncc02.hurlburt.af.mil>

Dragon is a great IDS system. It uses a text based signature system so
you can load up new sigs right after they are published or make your own.
I use it on a very busy network and it works great. It runs faster on
FreeBSD than anything else I've seen. You can use it in remote locations
and send to a central server.

Shouldn't you be using Shadow from the Navy ;)?

http://www.network-defense.com/

Thanks,
Jon
http://www.networkcommnad.com
No more Digital VooDoo.

On Wed, 3 May 2000 John.VanHouten@hurlburt.af.mil wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all....
>
> I am really looking for opinions from this forum of individuals
> regarding use of IDS (Intrusion Detection Systems) on a FBSD box.
> Which application is best for this purpose? Both commercial and open
> source?
>
> I presently run Tripwire daily, as well as a little perl script which
> runs through /var/log/messages looking for 'odd' activity... and of
> course the 'daily run' information FBSD provides, syslog, etc etc.
>
> I also run Nessus and SARA weekly on my machines - just to be sure.
>
> What I would like is a good IDS package, and I am sure each one of you
> has their own idea of what is the best and why.
> While this is not FreeBSD specific, I have always respected the
> opinions of those that contribute to this list. If you think
> something is hot, I am sure it is.
>
> Thanks in advance guys.
>
> Cheers!
>
> - --John
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.0.2 for non-commercial use
>
> iQA/AwUBORCbD1ufg9eYiuqZEQLmWwCfebw/A9XwOITg2gebgOd3CqdV0PcAoOUs
> o5NbtbkNdN2qik2sMDvFgwJ9
> =h/mL
> -----END PGP SIGNATURE-----
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message