RE: FW: 2nd Call--CRIME Meeting 8 June 2004, 10-Noon, @ Zoo Conf Rooms

From: Andrew Plato (aplato@private)
Date: Mon Jun 07 2004 - 14:50:56 PDT


    Ourmon is a statistical network monitor. Looks at packets, computes
    statistics, keys on statistical values.
    
    Snort is an intrusion detection system. Looks at packets, compares them
    to known vulnerabilities/exploits, keys on signatures and protocol
    anomalies. 
    
    Ourmon is more synonymous with a "flow-based IDS." There are some intrusion
    prevention products built around flow-analysis, such as TippingPoint's
    UnityOne and TopLayer AttackMitigator. However, these products usually
    augment their flow analysis with signatures and higher-level filters as
    well. 
    
    
    ___________________________________
    Andrew Plato, CISSP
    President/Principal Consultant
    ANITIAN  ENTERPRISE  SECURITY
    
    3800 SW Cedar Hills Blvd, Suite 298
    Beaverton, OR 97005
    503-644-5656 Office
    503-214-8069 Fax
    503-201-0821 Mobile
    www.anitian.com
    ___________________________________
    
    GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D
    GPG public key available at: http://www.anitian.com/corp/keys.htm 
    
    -----Original Message-----
    From: owner-crime@private [mailto:owner-crime@private] On Behalf
    Of Mark Allyn
    Sent: June 07, 2004 1:53 PM
    To: alan
    Cc: George Heuston; crime@private
    Subject: Re: FW: 2nd Call--CRIME Meeting 8 June 2004, 10-Noon, @ Zoo
    Conf Rooms
    
    
    All kidding aside; I thought that snort was the biggie for open source
    network monitoring.
    
    Mark
    



    This archive was generated by hypermail 2b30 : Mon Jun 07 2004 - 15:25:08 PDT