Greetings all!
I have some questions regarding Snort.
Is it needed if you use CFP3?
Does it only log suspicious traffic, or will it block it too?
Is there any tutorial on how to use Snort with IDScenter? Using it without GUI would be far to complicated for me…
Do you have any experiences with Snort?
Any other free IDS/IPS for Windows XP?
Cheers,
Ragwing
I myself have never managed to get Snort to work on my machine. You could always use a program like airsnare to monitor what’s going on with your network though CPF3 does include some IDS technologies by the ability to protect ARP Cache, Protection against UDP Etc Floods and Protocol Analysis…
IMAO not needed if using CPF3.
Eric
Yep. I my previous firewall was Kerio, which used Snort and IDS. And yes, it should also block those things.
I agree with Eric and Egemen before stating that IDS relies on signatures like a blacklist, whereas CFP’s Attack Detection Settings are indiscriminate on the traffic, but based on the probe rates, etc. Although I did recall somewhere in this forum that later on CFP may include something similar to IDS (I’ll have to search for it).
Thanks for the answers guys!
It seems like it’s not needed for home users, and especially not when you’re using CFP3! Also, the packet scanning will most likely reduce the connection speed (unlike CFP3), so I’m fine with CFP3.
I’ll close this topic now, and shall I need it opened again, I guess I’ll PM myself with a link to this topic, and a request to re-open it (:WIN)
Cheers,
Ragwing