http://www.ISAserver.org
-------------------------------------------------------

Okay, I guess that answers the first question, thank you.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Tuesday, March 31, 2009 2:23 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: IDS Questions

Netmon and Snort share only one thing - the ability to grab packets off the wire. Other than that, they're nothing alike. You can no more use Snort for traffic analysis than you can Netmon for traffic alerting and blocking.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan
Sent: Tuesday, March 31, 2009 11:14 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: IDS Questions

Yes, they are different, but yet similar in other ways, which is why I was looking at that one first. Both of them monitor network traffic, but Snort has those signature files which throw away all packets of known origin, and alerts you to the suspect ones. Looking at Network Monitor, I see it supports capture filters, which got me wondering if it could be used as a suitable replacement.

Basically, I was looking for something that I can fire up whenever there is a lot of traffic on the network to see if someone brought in an infested home computer and put it on our Intranet. If it is something like Network Monitor, I won't have to dedicate an entire server (or two) just to run it and spend hours configuring it to work.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Tuesday, March 31, 2009 2:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: IDS Questions

What do you want; a Snort replacement or a network traffic analysis tool like Netmon (they're different beasts)? TMG can replace Snort as an IDS, except that you don't have access to the GAPA signature language.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan
Sent: Tuesday, March 31, 2009 10:54 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] OT: IDS Questions

This is a bit off-topic, but I figured that if anyone would know it would be you guys...

I'm trying to find a suitable Windows-Based replacement for programs like Snort, as I get really-really sick of digging through tons of propaganda on configuration files to get a program working. Looking at the program a bit, it seems like I should be able to do something similar to Snort with a basic program such as Network Monitor, but I haven't worked with the filters enough to be able to tell if I can do that or not.

So, two questions:

1. Can the functionality of Snort be done with Network Monitor?
2. What is the best Windows-Based program for doing IDS monitoring?
(freeware preferably)

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx