Re: [Snort-users] Please post a good Nachi.B Signature

On Sat, Feb 21, 2004 at 04:48:27PM -0500, Erek Adams wrote:
> * (personal, so no flames needed)--NEVER, EVER, EVER, EVER consider an
> IDS as something to deal with/help with/mitigate a virus problem.

I think you are selling IDS short there.

We have VERY SUCCESSFULLY used our Snort network for real-time alerting of
virus/trojan outbreaks. We have serious muscle on our network with AV
systems - both server and client - but still there's the opportunity for
viruses to get onto test boxes/etc.

Snort has been massively useful as a first-line alerting system to virus
outbreaks - in fact our helpdesk think the IDS is a "network AV system" :-}

I know that is not meant to be what an IDS is for - but this has become a
serendipitous side-effect of installing Snort world wide for us...

Oh yeah - banging out Samba honeypots has also helped a lot...

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users