From owner-freebsd-security  Thu Dec 30 23:37:16 1999
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP id 2BF3914DBF
	for <freebsd-security@FreeBSD.ORG>; Thu, 30 Dec 1999 23:37:15 -0800 (PST)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (935 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m123wZL-000CCIC@bsdie.rwsystems.net>
	for <freebsd-security@FreeBSD.ORG>; Fri, 31 Dec 1999 01:33:51 -0600 (CST)
	(Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Fri, 31 Dec 1999 01:33:51 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: TrouBle <trouble@netquick.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IDS recommendations
In-Reply-To: <386B9258.893C7483@netquick.net>
Message-ID: <Pine.BSF.4.10.9912310132280.93311-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

We're using snort from the ports/packages with some rule tuning. It leaves
a bit to be desired in companies with several subnets to watch for, but is
a good start and tool in a toolbox. - Jy@

On Thu, 30 Dec 1999, TrouBle wrote:
> What would you all recommend for IDS systems that run under FreeBSD ??? 
> -- 
>       ...and that is how we know the Earth to be banana-shaped.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message