Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprise network
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprise network
- From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
- Date: Fri, 09 Dec 2005 09:18:54 -0500
> If any of you can name any big network which is using Snort as an
> example, it will be very helpful.

/16 on a DS-3 here. Snort on a P4 3.2GHz box, with a fairly large
ruleset (not the whole thing, but all the VRT ones, plus a bunch of
bleeding ones, plus a bunch of overrides).
I have it configured to automatically shut down infected ports (not
something it does natively .. a lot of Perl + MySQL + pixie dust).
Rock solid. Thanks Marty :)
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University