[isalist] Re: IDS Questions

  • From: "Ball, Dan" <DBall@xxxxxxxxxxx>
  • To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 31 Mar 2009 14:23:37 -0400

http://www.ISAserver.org
-------------------------------------------------------

Okay, I guess that answers the first question, thank you.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Tuesday, March 31, 2009 2:23 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: IDS Questions

  
Netmon and Snort share only one thing - the ability to grab packets off the 
wire.
Other than that, they're nothing alike.

You can no more use Snort for traffic analysis than you can Netmon for traffic 
alerting and blocking.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Tuesday, March 31, 2009 11:14 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: IDS Questions

  
Yes, they are different, but yet similar in other ways, which is why I was 
looking at that one first.  Both of them monitor network traffic, but Snort has 
those signature files which throw away all packets of known origin, and alert 
you to the suspect ones.  Looking at Network Monitor, I see it supports capture 
filters, which got me wondering if it could be used as a suitable replacement.

Basically, I was looking for something that I can fire up whenever there is a 
lot of traffic on the network to see if someone brought in an infested home 
computer and put it on our Intranet.  If it is something like Network Monitor, 
I won't have to dedicate an entire server (or two) just to run it and spend 
hours configuring it to work.


-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Tuesday, March 31, 2009 2:04 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: IDS Questions

  
What do you want; a Snort replacement or a network traffic analysis tool like 
Netmon (they're different beasts)?
TMG can replace Snort as an IDS, except that you don't have access to the GAPA 
signature language.


-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Tuesday, March 31, 2009 10:54 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] OT: IDS Questions

  
This is a bit off-topic, but I figured that if anyone would know it would be 
you guys...

I'm trying to find a suitable Windows-Based replacement for programs like 
Snort, as I get really-really sick of digging through tons of propaganda on 
configuration files to get a program working.  Looking at the program a bit, it 
seems like I should be able to do something similar to Snort with a basic 
program such as Network Monitor, but I haven't worked with the filters enough 
to be able to tell if I can do that or not.

So, two questions:
1. Can the functionality of Snort be done with Network Monitor?
2. What is the best Windows-Based program for doing IDS monitoring? (freeware 
preferably)

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

