From owner-freebsd-net@FreeBSD.ORG Sun Feb 16 21:15:25 2014
From: Kevin Oberman
Sender: kob6558@gmail.com
To: Mark Felder
Cc: "freebsd-net@freebsd.org"
Date: Sun, 16 Feb 2014 13:15:25 -0800
Subject: Re: Recommendations for packet capture
In-Reply-To: <1392583088.30857.84104745.7521C62A@webmail.messagingengine.com>
References: <1392583088.30857.84104745.7521C62A@webmail.messagingengine.com>
List-Id: Networking and TCP/IP with FreeBSD
Content-Type: text/plain; charset=UTF-8

On Sun, Feb 16, 2014 at 12:38 PM, Mark Felder wrote:
> Does security/bro or security/snort fit your requirements?
>

security/bro is an extremely powerful IPS, but it is also fairly complex to configure for a given environment. It was developed under an NSF grant by the International Computer Science Institute at the University of California at Berkeley (http://www.icsi.berkeley.edu/). The BRO community support is at http://bro.org.

We used BRO at the job from which I retired last year. It worked extremely well, and commercial support from a company founded by some of the developers is now available from Broala (http://www.broala.com). Our experience with the support was very good, but I suspect it was not cheap. (I was not involved with the procurement.)

-- 
R. Kevin Oberman, Network Engineer, Retired
E-mail: rkoberman@gmail.com