Author Topic: Snort IDS/IPS [Resolved]  (Read 195 times)
Ragwing
« on: May 02, 2008, 01:37:27 PM »

Greetings all!

I have some questions regarding Snort.

1. Is it needed if you use CFP3?

2. Does it only log suspicious traffic, or will it block it too?

3. Is there any tutorial on how to use Snort with IDScenter? Using it without a GUI would be far too complicated for me...

4. Do you have any experiences with Snort?

5. Any other free IDS/IPS for Windows XP?

Cheers,
Ragwing
« Last Edit: May 03, 2008, 05:55:21 AM by Ragwing » Logged

The Wheel of Time turns, and Ages come and pass, leaving memories that become legend. Legend fades to myth, and even myth is long forgotten when the Age that gave it birth comes again.
Eric Cryptid
« Reply #1 on: May 02, 2008, 05:17:33 PM »

I myself have never managed to get Snort to work on my machine. You could always use a program like AirSnare to monitor what's going on with your network, though CFP3 does include some IDS technologies through its ability to protect the ARP Cache, Protection against UDP etc. Floods and Protocol Analysis...

IMAO not needed if using CFP3.

Eric
Logged

Cryptid - Any animal or creature that has been reported to have existed, but has not been proven to.

Soyabeaner
« Reply #2 on: May 02, 2008, 09:10:01 PM »

Yep. My previous firewall was Kerio, which used Snort and IDS. And yes, it should also block those things.

I agree with Eric and Egemen before stating that IDS relies on signatures like a blacklist, whereas CFP's Attack Detection Settings are indiscriminate on the traffic, but based on the probe rates, etc.  Although I did recall somewhere in this forum that later on CFP may include something similar to IDS (I'll have to search for it).



Here we go:
http://forums.comodo.com/leak_testingattacksvulnerability_research/what_about_inboud-t11567.0.html;msg82278#msg82278

http://forums.comodo.com/leak_testingattacksvulnerability_research/comodos_inbound_protection_is_only_basicfor_melih_and_egemen_also-t18296.0.html;msg124831#msg124831
« Last Edit: May 02, 2008, 09:13:31 PM by Soyabeaner » Logged

Never argue with an idiot; they'll drag you down to their level and beat you with experience.
Ragwing
« Reply #3 on: May 03, 2008, 05:54:38 AM »

Thanks for the answers guys!
It seems like it's not needed for home users, and especially not when you're using CFP3! Also, the packet scanning will most likely reduce the connection speed (unlike CFP3), so I'm fine with CFP3.
I'll close this topic now, and should I need it opened again, I guess I'll PM myself with a link to this topic and a request to re-open it ;)

Cheers,
Ragwing