lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <014101c5fce5$236fffa0$0100a8c0@nuclearwinter>
Date: Fri Dec  9 17:43:29 2005
From: sk at groundzero-security.com (sk)
Subject: Snort as IDS/IPS in mission-critical
	enterprisenetwork

> Because of NDA, I cannot *name* the network where I was a part of the team
> installing and maintainting SNORT on a large network, but I can tell you
> that this network is one of the top tier-1 NSPs.  I can tell you that
> SNORT is the sole such product chosen for this purpose, and that it works
> better than we could have possibly hoped for.  last I looked, SNORT was
> being used on circuits as large as OC12s.

well it wouldnt be good to name those anyway as you dont know how many
snort 0-days exist and the next time something goes public could mean that those
networks are targeted first. afterall its up to you, i just thought i give you guys this hint.
its never a good idea to make such information public, thats why many people
fake their daemon versions, or dont show them at all.

-sk

Http://www.groundzero-security.com
----- Original Message ----- 
From: "J.A. Terranson" <measl@....org>
To: "Native.Code" <native.code@...il.com>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Friday, December 09, 2005 6:13 PM
Subject: Re: [Full-disclosure] Snort as IDS/IPS in mission-critical enterprisenetwork


> 
> On Fri, 9 Dec 2005, Native.Code wrote:
> 
> > Is Snort enterprise ready where it can be deployed to monitor
> > mission-critical network?
> 
> Yes.  It is, and has been for some time.
> 
> > If any of you can name any big network which is using Snort as an example,
> > it will be very helpful.
> 
> Because of NDA, I cannot *name* the network where I was a part of the team
> installing and maintainting SNORT on a large network, but I can tell you
> that this network is one of the top tier-1 NSPs.  I can tell you that
> SNORT is the sole such product chosen for this purpose, and that it works
> better than we could have possibly hoped for.  last I looked, SNORT was
> being used on circuits as large as OC12s.
> 
> The problem isn't going to be your sensor (SNORT et al), but your back end
> software - *that* part is a bitch!
> 
> 
> -- 
> Yours,
> 
> J.A. Terranson
> sysadmin@....org
> 0xBD4A95BF
> 
> 
> I like the idea of belief in drug-prohibition as a religion in that it is
> a strongly held belief based on grossly insufficient evidence and
> bolstered by faith born of intuitions flowing from the very beliefs they
> are intended to support.
> 
> don zweig, M.D.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ