intrusion detection/prevention
ref
tbs-Gb/NUjX2UK8 at public.gmane.org
Tue Jun 30 14:05:05 EDT 2009
On Tue, 2009-06-30 at 13:22 -0400, Ryan Pugatch wrote:
> Hi all,
>
> Looking into my options for intrusion detection and prevention. Top of
> the list, of course, is Snort either open source or on a Sourcefire
> appliance. I am wondering if anyone has any suggestions or
> recommendations.
>
> Thanks
>
I have personally used Tripwire, Portsentry, and Snort / Oinkmaster over
the last several years ... and have now dropped everything except
Snort/Oinkmaster. Tripwire annoyed me as it emailed me masses of stuff
every day about what had NOT changed. Portsentry tended to clog up the
iptables with things it found bothersome, which meant I kept having to
flush the tables. I could have set it to 'no action', but then what was
the point?
Snort and Oinkmaster are a good answer for me, YMMV :)
Richard