× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. February 2002

Re: Snort Rules

I'm interested in the same question about iSeries.
I've learned a lot about IDS (book learning) but have no place that I can
"practice").
This is the IDS (Intrusion Detection) part of the reading room at Sans.org
http://rr.sans.org/intrusion/intrusion_list.php
The HoneyNet project has also been very interesting:
http://project.honeynet.org/
jim

----- Original Message -----
From: "Fritz Hayes" <fhayes@spiritone.com>
To: <security400@midrange.com>
Sent: Thursday, February 07, 2002 11:00 AM
Subject: RE: [Security400] Snort Rules


> I use it on an old p75 linux box to monitor the ethernet lines.
> Usually, the box has no IP address.  The NIC is set to promiscuous mode
> and just reviews the data stream for known hacks and attacks.  So, with
> the iSeries, the Intrusion Detection box would sit on the ethernet line
> running to the ethernet port on the iSeries.  There's a given set of
> rules supplied with the download, but I feel there should be some added
> for the iSeries environment.
>
>
> Best Regards
>
> Fritz Hayes
> Atwater Associates
>
> <snip>
> |
> |I download SNORT towards the end of last year but have been
> |buried and have not done much with it.
> |
> |It's on my PC, but how would you use it with the iSeries ?
> <snip>
> |
> |> Is anyone using Snort as an IDS with their iSeries?  What rule sets
> |> have you found useful?
> <snip>
>
>
> _______________________________________________
> This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
> To post a message email: Security400@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/security400
> or email: Security400-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/security400.
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.