[Bro] [Fwd: Re: snort tamandua or prelude ids plus bro?]
Christian Kreibich
christian at whoop.org
Fri Aug 6 14:34:40 PDT 2004
Hey,
a bit of motivation to get the documentation up to speed :)
Cheers,
Christian.
-----Forwarded Message-----
> From: Lee Sheng <momosisco at hotmail.com>
> To: focus-ids at securityfocus.com
> Subject: Re: snort tamandua or prelude ids plus bro?
> Date: Fri, 06 Aug 2004 22:46:53 +0800
>
> rmkml,
>
> Actually I'm thinking of adding Bro too, but the thing is the lack of
> documentation on Bro. Can you point out where I can find useful
> whitepapers or guides on deploying Bro, because I've got no time to start
> everything from scratch?
>
> Thanks.
>
>
> Regards,
> Lee
>
>
> >From: rmkml <rmkml at wanadoo.fr>
> >To: Lee Sheng <momosisco at hotmail.com>
> >Subject: Re: snort tamandua or prelude ids
> >Date: Fri, 6 Aug 2004 16:32:49 +0200 (CEST)
> >
> >Hi Lee,
> >
> >add Bro as a possible choice?
> >
> >Regards
> >
> >Rmkml at Wanadoo.fr
> >
> >
> >On Fri, 6 Aug 2004, Lee Sheng wrote:
> >
> >>Date: Fri, 06 Aug 2004 18:37:16 +0800
> >>From: Lee Sheng <momosisco at hotmail.com>
> >>To: focus-ids at securityfocus.com
> >>Subject: snort tamandua or prelude ids
> >>
> >>All,
> >>
> >>Thanks to all of you who have answered my question, it's so nice to get so
> >>many suggestions and help from the community.
> >>
> >>My other question: no doubt Snort is one of the best IDSes compared
> >>to other IDSes. However, I'm really interested in the tamandua IDS, which
> >>implements the boolean layer to detect the pattern of the attack (fewer
> >>false positives). Does anyone have experience in deploying tamandua IDS? I
> >>would like to know whether tamandua IDS is still active or the development
> >>of tamandua IDS is already dead. If you have experience deploying it,
> >>hopefully you guys can share your experience with me. Then about the Prelude
> >>IDS: Prelude IDS seems very complicated and I'm still not sure where to
> >>start. Does anyone have any ideas, because I'm still in the middle of thinking about
> >>which IDS to deploy for the company. Snort, tamandua or Prelude?
> >>Prelude seems more in depth on tracking what the attacker tries to do, with HIDS
> >>as well. I have one and a half years of experience with Snort (not in transparent
> >>mode of course). If I want to save time, sure, I will choose Snort;
> >>however, I would like to hear from you all. Thanks again.
> >>
> >>
> >>Regards,
> >>Lee
> >>
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org