Re: [Snort-users] snort funtionallity
Take a deep breath and read my answers below...

On Fri, 17 Dec 2004 01:35:08 -0500, Nick Smith <nick@computernick.com> wrote:
> Isn't there a way to have snort email you when a serious attack occurs? I
> thought I remembered reading that somewhere but can't find it now.

http://www.snort.org/docs/FAQ.txt
FAQ #5.9

> Also,
> is ACID the best console for snort? Or are there any better ones out
> there?

Personally I swear by SGUIL (www.sguil.net), but that's just me ;)

> And are there any websites with a list of rules to add to
> increase security of your snort install without having to write all the
> rules by hand yourself?

Yes, both www.snort.org and www.bleedingsnort.com update their rules regularly.

> And where would I add those rules?

If you write your own rules you usually put them in local.rules.

> And finally,
> this probably goes along with the previous question; I am getting
> virtually no ICMP (<1%) traffic and no portscan traffic (0%). I know
> there has to be some traffic for those, and I have a fresh install of
> snort running. Is there something I have to add to get snort to look for
> that traffic?

Have you enabled the relevant signatures and preprocessors for those?

> Thanks for any and all help, I'm very new to snort and acid and need all
> the help I can get.

Don't worry, we all were there at one point of time. My suggestion: Pick up some books on Network IDS and Snort. TCP/IP Illustrated vol. 1 is also recommended. And don't forget Richard's book "The Tao of Network Security Monitoring: Beyond Intrusion Detection". You have some links to sample chapters etc. at http://www.taosecurity.com/books.html

Good luck!

/Michael Boman