Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Re: Snort
  • From: Richard Ibbotson <richard@xxxxxxxxxxxxx>
  • Date: Thu, 1 May 2003 10:20:34 +0100
  • Message-id: <200305011020.34428.richard@xxxxxxxxxxxxx>
Ruprecht

> How is the alertmessaging by using snort?


Umm.... not quite sure that I can answer this in the way that you
might expect :)

Snort *can* be extremely good at detecting traffic across your own
network interface. You can detect things that you didn't know about.
For example I recently detected a mis-configured SSL installation
which was supposed to pass an encrypted session over the net from the
U.S. to England. Turns out that some important part of the info
wasn't encrypted and snort showed this to me.

It can do many things that other software cannot.

However, there is a lot of academic argument over the fact that snort
- like most other security software - can be compromised. I've
discussed this with the OpenBSD people as well as quite a few Linux
people. When it works in the way that it should it is quite
reliable :) It does give out some good alerts depending on the
command line argument that you use to start it.


--
Richard
www.sheflug.co.uk

< Previous Next >
References