Date:      Wed, 10 Jan 2001 18:00:01 +0100
From:      Mark Rowlands <mark.rowlands@minmail.net>
To:        Per Tore Larsen <per.tore.larsen@fernonorden.com>, "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Snort or Portsentry?
Message-ID:  <01011018000102.01787@web1.tninet.se>
In-Reply-To: <25879E6A7E74D411B9370050043B7F3E09F83B@fernonorden.com>
References:  <25879E6A7E74D411B9370050043B7F3E09F83B@fernonorden.com>

On Tuesday 09 January 2001 20:20, Per Tore Larsen wrote:
> Hi.
>
> I need a port that will monitor my firewall for possible
> backdoor/breakins/etc and found out that snort or portsentry
> would make this possible.
>
> Here's my question:
> Will both be able to send mail when one of the rules is activated, or a
> message to a windows machine that the port has detected a possible
> security problem? Which would be the best to use?
>
> I'm using ipf and ipnat on FreeBSD 4.2.
>


snort can send smb messages and as with most unix like utilities, scripting 
can perform most miracles that have been omitted by the developers. 

Portsentry with logsentry (afaik) will send email alerts. As for smb, see
scripting.

Me. I like snort, very flexible, some cool utilities around it (snortsnarf.pl 
dumps the output to a webserver for point and clicky type stuff) It has 
support for various databases, and more features are being added all the time 
and because (whisper it quietly) it has a win32 port as well. 

It does have a response type plugin, but I am generally a bit wary of these 
due to the possibility of a savvy miscreant exploiting it against me or 
others.

as ever ymmv

