Author Topic: Snort IDS/IPS [Resolved]  (Read 368 times)
Ragwing
« on: May 02, 2008, 01:37:27 PM »

Greetings all!

I have some questions regarding Snort.

1. Is it needed if you use CFP3?

2. Does it only log suspicious traffic, or will it block it too?

3. Is there any tutorial on how to use Snort with IDScenter? Using it without a GUI would be far too complicated for me...

4. Do you have any experiences with Snort?

5. Any other free IDS/IPS for Windows XP?

Cheers,
Ragwing
« Last Edit: May 03, 2008, 05:55:21 AM by Ragwing »

"The closer you get to the light, the greater your shadow becomes"
Eric Cryptid
« Reply #1 on: May 02, 2008, 05:17:33 PM »

I myself have never managed to get Snort to work on my machine. You could always use a program like AirSnare to monitor what's going on with your network, though CPF3 does include some IDS technologies, such as the ability to protect the ARP cache, protection against UDP etc. floods, and protocol analysis...

IMAO not needed if using CPF3.

Eric

Cryptid - Any animal or creature that has been reported to have existed, but has not been proven to.

Security Fanatic

Please Read Forum Policy Before Posting - https://forums.comodo.com/new_member_information/forum_policy-t1516.0.html
Soyabeaner
« Reply #2 on: May 02, 2008, 09:10:01 PM »

Yep. My previous firewall was Kerio, which used Snort and IDS. And yes, it should also block those things.

I agree with Eric and Egemen before stating that IDS relies on signatures like a blacklist, whereas CFP's Attack Detection Settings are indiscriminate on the traffic, but based on the probe rates, etc.  Although I did recall somewhere in this forum that later on CFP may include something similar to IDS (I'll have to search for it).



Here we go:
http://forums.comodo.com/leak_testingattacksvulnerability_research/what_about_inboud-t11567.0.html;msg82278#msg82278

http://forums.comodo.com/leak_testingattacksvulnerability_research/comodos_inbound_protection_is_only_basicfor_melih_and_egemen_also-t18296.0.html;msg124831#msg124831
« Last Edit: May 02, 2008, 09:13:31 PM by Soyabeaner »
Ragwing
« Reply #3 on: May 03, 2008, 05:54:38 AM »

Thanks for the answers guys!
It seems like it's not needed for home users, and especially not when you're using CFP3! Also, the packet scanning will most likely reduce the connection speed (unlike CFP3), so I'm fine with CFP3.
I'll close this topic now, and should I need it opened again, I guess I'll PM myself with a link to this topic, and a request to re-open it ;)

Cheers,
Ragwing