[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] IDS
I think Snort (BSD) and Dragon are the two best out there right now. Snort is free and well supported by the Open Source community, plus is easy to modify for new attacks vs. canned solutions. Cisco however is licensing the Entercept IDS for their next round of IDS products, so it should be interesting to see what the final product is. Entercept (IMHO) does a nice job of trapping buffer overflows. -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Ramakrishnan Sent: Tuesday, October 30, 2001 1:13 AM To: [email protected] Subject: [FW-1] IDS Hi Kevin, Thanks for the suggestion. I found it very useful. I tested Snort and found it lacking in tracing fragmentation and TCP reassembly attacks. Also the webinterface is not very appealing. I shall test the Dragon as well in our labs. I need to know if any IDS is known to work exceptionally well with CP 1 Regards Rama See the following article on comparisons of different IDS systems. http://www.nwc.com/shared/printArticle?article=nc/1217/1217f2full.html&p ub=n wc Kevin Martin [email protected] Stafford Trading Inc. Chief Security Officer Chicago, IL 60604 TEL230 S. LaSalle, Ste. 688 -----Original Message----- From: Ramakrishnan [mailto:[email protected]] Sent: Tuesday, October 23, 2001 11:45 PM To: [email protected] Subject: [FW-1] etrust IDS Hi, Has anybody tried etrust IDS ??? I would like to know the support for the product. I am also exploring the option of Black Ice for my organisation. Any experience on these products are welcome. Our organisation has a CP 4.1 as firewall. We are also planning to introduce the Dynamic acl. Is thee any possibility of configuring a time bound dynamic acl. Regards Rama __________________________________________________ Do You Yahoo!? Make a great connection at Yahoo! Personals. http://personals.yahoo.com =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html =============================================== =============================================== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ===============================================
|