Re: [cobalt-security] IDS and established TCP/UDP sessions



Hi Mike,

> Although I haven't installed it yet, Snort is where I'm most likely
> headed, but want to hear from you guys.

Snort is really worth it. But you also should get Demarc 
(http://www.demarc.org). It is a web frontend to Snort and uses MySQL to 
store Snort's reports. You'll then get nifty reports and statistical
breakdowns of what's going on.

Of course you need to build Snort with MySQL support to make it interface 
with Demarc. The Demarc docs tell you how to do that. AFAIK the RPMs for 
Snort do not come with MySQL support, but it's easy to compile.

-- 

With best regards,

Michael Stauber
SOLARSPEED.NET