
RE: [cobalt-users] article at LinuxSecurity.com



On Tue, 13 Mar 2001, Rodolfo Paiz wrote:

> > After reading the article at
> > http://www.linuxsecurity.com/articles/intrusion_detection_article-2655.html
> > I think I might give Snort a try on another box...
> >
> > What do y'all think?
> 
> Snort may or may not be a good program; I don't know. Unfortunately the
> writing you linked to is not an "article," it is a smear piece. The
> author is trying to achieve two things: (1) total disqualification of
> PortSentry and (2) high praise of Snort. This article should have been

Well, what'd you expect, backtrack the author, he's a second year student
working on his BS degree ;0 (And not in computer science either ;)

> I cannot with comfort put my faith in writing by someone whose
> objectivity I cannot trust. I will soon take a look at snort and try to

And who provides no substantial references ;0

> see for myself whether it has a place in my network, and I assume that
> it will. However, this article by itself is useless.

And contains reasoning errors, hints at an incomplete
evaluation/understanding of at least one of the things he is comparing,
and puts off the downside to what he is plugging until the very last few
sentences ;)

"An NIDS should be run on a machine that can
 see all the traffic that gets past the
 firewall, preferably not on the firewall
 machine itself because NIDS can be quite
 performance intensive."

read as "It can totally bury a server on a fast connection" ;0

gsh