Mark, As an aside, I've been running the Win32 port of Snort on large web clusters for some time now and I've seen excellent results. There are plenty of good tools available (as well as syslog capability) that make Snort an option for just about any shop these days. You can run it right on your hosts, or mirror a switch port to capture traffic for entire segments. Check it out at http://www.snort.org and http://www.whitehats.com. Cheers Keith -----Original Message----- From: Mark Challender [mailto:MarkCat_private] Sent: Tuesday, May 01, 2001 1:57 AM To: INCIDENTSat_private Subject: My Mysterious Message 2. Lots of folks asked if I was running Snort. This was an NT box. Sorry I didn't say that in the original message.
This archive was generated by hypermail 2b30 : Tue May 01 2001 - 08:52:07 PDT