This is a discussion on Re: [Snort-users] snort funtionallity within the Snort forums, part of the System Security and Security Related category.
Michael Boman wrote:
> Take a deep breath and read my answers below...
>
> On Fri, 17 Dec 2004 01:35:08 -0500, Nick Smith <nick@computernick.com>
> wrote:
>
>> Isn't there a way to have snort email you when a serious attack occurs? I
>> thought I remembered reading that somewhere but can't find it now.
>
> http://www.snort.org/docs/FAQ.txt
> FAQ #5.9

Well, that answers that. I could have sworn I saw that somewhere though.

>> Also,
>> is ACID the best console for snort? Or are there any better ones out
>> there?
>
> Personally I swear by SGUIL (www.sguil.net), but that's just me ;)

I'll look into that, thanks.

>> And are there any websites with a list of rules to add to
>> increase security of your snort install without having to write all the
>> rules by hand yourself?
>
> Yes, both www.snort.org and www.bleedingsnort.com update their rules
> regularly.

Do you just have to copy over the new rules into the correct directory, overwriting the old? Do they ever add any new *.rules files? If so, do I need to do anything special to tell snort they are there? Or does it do that on its own?

>> And where would I add those rules?
>
> If you write your own rules you usually put them in local.rules.

Found it, thanks.

>> And finally,
>> this probably goes along with the previous question; I am getting
>> virtually no ICMP (<1%) traffic and no portscan traffic (0%). I know
>> there has to be some traffic for those, and I have a fresh install of
>> snort running. Is there something I have to add to get snort to look for
>> that traffic?
>
> Have you enabled the relevant signatures and preprocessors for those?

No clue how to do that. Any advice?

>> Thanks for any and all help, I'm very new to snort and acid and need all
>> the help I can get.
>
> Don't worry, we all were there at one point of time. My suggestion:
> Pick up some books on Network IDS and Snort. TCP/IP Illustrated vol. 1
> is also recommended. And don't forget Richard's book "The Tao of
> Network Security Monitoring: Beyond Intrusion Detection". You have
> some links to sample chapters etc. at
> http://www.taosecurity.com/books.html
>
> Good luck!
>
> /Michael Boman

Thanks for your quick response, it's helped a lot.

Nick

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users