From owner-freebsd-questions Thu Jan 11 2:29:59 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from rubicon.fernonorden.com (unknown [195.139.149.229])
    by hub.freebsd.org (Postfix) with ESMTP id AC1EC37B400
    for ; Thu, 11 Jan 2001 02:29:41 -0800 (PST)
Received: by fernonorden.com with Internet Mail Service (5.5.2650.21)
    id ; Thu, 11 Jan 2001 11:25:05 +0100
Message-ID: <25879E6A7E74D411B9370050043B7F3E09F844@fernonorden.com>
From: Per Tore Larsen
To: "'mark.rowlands@minmail.net'" , "'freebsd-questions@freebsd.org'"
Subject: SV: Snort or Portsentry?
Date: Thu, 11 Jan 2001 11:25:04 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Thanks for your help. Looks like snort is the one I need.

PeTe

> -----Original Message-----
> From: Mark Rowlands [mailto:mark.rowlands@minmail.net]
> Sent: 10 January 2001 18:00
> To: Per Tore Larsen; 'freebsd-questions@freebsd.org'
> Subject: Re: Snort or Portsentry?
>
>
> On Tuesday 09 January 2001 20:20, Per Tore Larsen wrote:
> > Hi.
> >
> > I need a port that will monitor my firewall for possible
> > backdoor/breakins/etc and
> > found out that snort or portsentry would make this possible.
> >
> > Here's my question:
> > Will both be able to send mail when one of the rules is activated or a
> > message
> > to a windows machine that the port has detected a possible security
> > problem? Which would be the best to use?
> >
> > I'm using ipf and ipnat on FreeBSD 4.2.
> >
>
> snort can send smb messages and as with most unix like utilities, scripting
> can perform most miracles that have been omitted by the developers.
>
> Portsentry with logsentry (afaik) will send email alerts. as for smb see
> scripting.
>
> Me. I like snort, very flexible, some cool utilities around it (snortsnarf.pl
> dumps the output to a webserver for point and clicky type stuff) It has
> support for various databases, and more features are being added all the time
> and because (whisper it quietly) it has a win32 port as well.
>
> It does have a response type plugin, but I am generally a bit wary of these
> due to the possibility of a savvy miscreant exploiting it against me or
> others.
>
> as ever ymmv
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message