RE: [Snort-users] Snort Sensor Hardware
This is a discussion on RE: [Snort-users] Snort Sensor Hardware within the Snort forums, part of the System Security and Security Related category; Yes. If you chose SourceFire you'll get signatures way ahead open-source = community, plus actually many more signatures that ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-10-2003
|
|||
|
|||
RE: [Snort-users] Snort Sensor Hardware
Yes. If you chose SourceFire you'll get signatures way ahead open-source =
community, plus actually many more signatures that roughly 2000 = signatures that are currently on snort.org. At least this is what I was told by a SourceFire representative. And I = believe is true. Actually, don't you think that should be in this way? Customers who are = paying big bucks should get signatures and support for their money, = whereas we, the rest of us, which are taking things for free and use = them in corporate environments should be left aside a little bit. Personally I think in this way should be. You pay you get something, you = don't pay, take something for free then......don't complain. Plus what can be so difficult to write your own signatures? Put a = sniffer on your network edge and start writing signatures. Goodies? Well. At least one I would mention here. The underlying = database in SourceFire is not MySQL, but something proprietary to them, = and the front-end is lighting fast. I've seen a box with 8 million alerts (yes, MILLIONS) in the database, = with 5 users connected to it querying the same database(everything = running in the same box -- sensor, database, front-end) and everything = was running amazingly fast. Try and do the same thing with MySQL and ACID and we will talk then. I had this experience when Blaster hit first time in August this year, = and I can tell was not fun. Demarc? I tested it, since very beginning, when they were having just = two products - Demarc personal and Demarc Professional. Not impressed. = Vice versa I would say. Slow, and buggy. Sorry guys, but that's it. Prelude IDS (www.prelude-ids.org) is something which someone mention it = here in list, but they have to came a long way with documentation. Is still in its infancy stage. Thank you,=20 ___________________________ Catalin Ghercoias=20 WEB/Network Security Administrator=20 website: http://www.fye.com=20 The content of this communication is classified as Transworld = Entertainment Confidential and Proprietary Information.The content of = this communication is intended solely for the use of the individual or = entity to whom it is addressed and others authorized to receive it. If = you are not the intended recipient you are hereby notified that any = disclosure, copying, distribution or taking any action in reliance on = the contents of this information is strictly prohibited and may be = unlawful. If you have received this communication in error, please = notify us immediately by responding to this communication then delete it = from your system. =20 =20 -----Original Message----- From: Michael Steele [mailto:michaels@winsnort.com]=20 Sent: Wednesday, December 10, 2003 4:21 PM To: 'Snort Users List' Subject: RE: [Snort-users] Snort Sensor Hardware What.... Signatures are being held back so Sourcefires customers will = have them first, weeks ahead of the rest of us! I don't think that's true, is = it? What kind of other goodies are we talking about here? There is a LOT of other vendors out there so choose wisely. You hate to spend all that money on something you might not like, or doesn't fill = the job requirements. There are some companies that have Demo sensors they = will ship to try before you buy. I also hear that Demarc has a new line of Sentarus sensors. Do your = homework if you are in the market for a pre-loaded sensor. Kindest regards,=20 The WINSNORT.com Management Team --=20 Pick up your FREE Windows or UNIX Snort installation guides =20 mailto:support@winsnort.com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org > -----Original Message----- > From: snort-users-admin@lists.sourceforge.net [mailto:snort-users- > admin@lists.sourceforge.net] On Behalf Of CGhercoias@TWEC.COM > Sent: Wednesday, December 10, 2003 12:07 PM > To: mkettler@evi-inc.com; lists@itsecurity3.its.uiowa.edu; snort- > users@lists.sourceforge.net > Subject: RE: [Snort-users] Snort Sensor Hardware > Importance: High >=20 > Yes, I would also recommend Sourcefire. They are good, plus you'll be > getting new signatures with weeks before they are released on the > snort.org web site, plus a lot of other "goodies" from the fathers = (and > mothers) of snort. >=20 > -----Original Message----- > From: Matt Kettler [mailto:mkettler@evi-inc.com] > Sent: Wednesday, December 10, 2003 2:55 PM > To: Jason Alexander; 'snort-users@lists.sourceforge.net' > Subject: Re: [Snort-users] Snort Sensor Hardware >=20 >=20 > At 02:17 PM 12/10/2003, Jason Alexander wrote: > >Anyone have any recomendation on hardware. >=20 > If you want to do a "install it yourself", personaly I like the dell > rackmounts.. they aren't the most incredible box in the world, but = they > work well, are inexpensive, and reasonably reliable. Excellent > bang-for-the > buck factor without getting unstable garbage. >=20 > If you want something preconfigured, sourcefire would be my > recommendation.. (echoing Robert Shwartz).. they also have some nice > extra > back-end correlation tools. You'd also be supporting Marty, and the > other > Snort devels that work there. >=20 >=20 >=20 >=20 > ------------------------------------------------------- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for > IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys > admin. > Click now! = http://ads.osdn.com/?ad_id=3D1278&al...371&op=3Dclick > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...=3Dsnort-users >=20 >=20 > ------------------------------------------------------- > This SF.net email is sponsored by: IBM Linux Tutorials. > Become an expert in LINUX or just sharpen your skills. Sign up for = IBM's > Free Linux Tutorials. Learn everything from the bash shell to sys = admin. > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id371&op=3Dick > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=3Dort-users ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for = IBM's Free Linux Tutorials. Learn everything from the bash shell to sys = admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id371&op=D5ick _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=D7ort-users ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
