Re: [Security400] Snort Rules

["Jim Franz" <franz400@xxxxxxxxxxxx>]

I'm interested in the same question about iSeries.
I've learned a lot about IDS (book learning) but have no place that I can
"practice").
This is the IDS (Intrusion Detection) part of the reading room at Sans.org
http://rr.sans.org/intrusion/intrusion_list.php
The HoneyNet project has also been very interesting:
http://project.honeynet.org/
jim

----- Original Message -----
From: "Fritz Hayes" <fhayes@spiritone.com>
To: <security400@midrange.com>
Sent: Thursday, February 07, 2002 11:00 AM
Subject: RE: [Security400] Snort Rules


> I use it on an old p75 linux box to monitor the ethernet lines.
> Usually, the box has no IP address.  The NIC is set to promiscuous mode
> and just reviews the data stream for known hacks and attacks.  So, with
> the iSeries, the Intrusion Detection box would sit on the ethernet line
> running to the ethernet port on the iSeries.  There's a given set of
> rules supplied with the download, but I feel there should be some added
> for the iSeries environment.
>
>
> Best Regards
>
> Fritz Hayes
> Atwater Associates
>
> <snip>
> |
> |I download SNORT towards the end of last year but have been
> |buried and have not done much with it.
> |
> |It's on my PC, but how would you use it with the iSeries ?
> <snip>
> |
> |> Is anyone using Snort as an IDS with their iSeries?  What rule sets
> |> have you found useful?
> <snip>
>
>
> _______________________________________________
> This is the Security Administration on the AS400 / iSeries (Security400)
mailing list
> To post a message email: Security400@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/security400
> or email: Security400-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/security400.
>