[Dshield] IPS/IDS solutions--your opinions?
Scott Melnick
duckie37 at gmail.com
Wed Jan 23 17:31:35 GMT 2008
I agree that the Snort solution sounds like it will work for you very well.
Just like running Snoop on Cisco's IDS, you can jump on the snort box and run
tcpdump or better yet, write your own customized snort rule for specific
situations. I've done this many times and utilized my snort boxes for
gathering other network data other than IPS/IDS.
Even with Sourcefire's 3D commercial product, you can add your own rules and
add rules that suit your needs from the OpenSource community.
Alerts will also show you the packets it captured so you can analyze the
threat.
Scott Melnick