Ourmon is a statistical network monitor. Looks at packets, computes statistics, keys on statistical values.

Snort is an intrusion detection system. Looks at packets, compares them to known vulnerabilities/exploits, keys on signatures and protocol anomalies.

Ourmon is more synonymous with a "flow-based IDS".

There are some intrusion prevention products built around flow-analysis, such as TippingPoint's UnityOne and TopLayer AttackMitigator. However, these products usually augment their flow analysis with signatures and higher-level filters as well.

___________________________________
Andrew Plato, CISSP
President/Principal Consultant
ANITIAN ENTERPRISE SECURITY

3800 SW Cedar Hills Blvd, Suite 298
Beaverton, OR 97005
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________
GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D
GPG public key available at: http://www.anitian.com/corp/keys.htm

-----Original Message-----
From: owner-crime@private [mailto:owner-crime@private] On Behalf Of Mark Allyn
Sent: June 07, 2004 1:53 PM
To: alan
Cc: George Heuston; crime@private
Subject: Re: FW: 2nd Call--CRIME Meeting 8 June 2004, 10-Noon, @ Zoo Conf Rooms

All kidding aside; I thought that snort was the biggie for open source network monitoring.

Mark
This archive was generated by hypermail 2b30 : Mon Jun 07 2004 - 15:25:08 PDT