On Tue, 2009-06-30 at 13:22 -0400, Ryan Pugatch wrote:
> Hi all,
>
> Looking into my options for intrusion detection and prevention. Top of
> the list, of course, is Snort either open source or on a Sourcefire
> appliance. I am wondering if anyone has any suggestions or
> recommendations.
>
> Thanks
>

I have personally used tripwire, portsentry, and snort / Oinkmaster over the last several years ... and have now dropped everything except Snort/Oinkmaster.

Tripwire annoyed me as it emailed me masses of stuff every day about what had NOT changed. Portsentry tended to clog up the iptables with things it found bothersome, which meant I kept having to flush the tables. I could have set it to 'no action', but then what was the point?

Snort and OinkMaster are a good answer for me, YMMV :)

Richard