Snort mailing list archives

Re: Ourmon
From: Alex Tatistcheff <alext () pobox com>
Date: Thu, 9 Dec 2010 21:37:38 -0800

You can also use hogger to build your host attribute table using NMAP.

http://code.google.com/p/hogger/


Alex Tatistcheff
alext () pobox com

The most terrifying words in the English language are, "I'm from the
government and I'm here to help." -Ronald Reagan


On Wed, Dec 8, 2010 at 9:04 AM, Jefferson, Shawn <
Shawn.Jefferson () bcferries com> wrote:

The closest thing I’ve heard of to a “learning mode” with Snort is to
run PRADS to build your Host Attribute table, so that Snort knows what OSes
are running and what services on what ports are on your network. The Host
Attribute table applies to the stream and frag preprocessors, as well as to
some rules (i.e., http rules that can apply if you are running a web server on
a non-standard port).


 ------------------------------

*From:* Andres Carrera [mailto:protoss_black88 () hotmail com]
*Sent:* Thursday, November 18, 2010 9:03 AM
*To:* snort-devel () lists sourceforge net; snort-users () lists sourceforge net
*Subject:* [Snort-users] Ourmon



Hi,

Can Snort (any version) work with ourmon [http://ourmon.sourceforge.net/]?
Or is there something I can do to install Snort and ourmon together?
Or is there maybe something very similar to ourmon that I can use with
Snort?

I want to build a "snort learning machine" so it can study the traffic
from a network,
and then, with that learned mode finished, I want to begin a detection mode.

If somebody knows how to make a learning mode with Snort, please
let us know about it.

Regards,

Abdon Carrera






_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
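
The approach discussed in this thread (building a Host Attribute table from scan results), as an added example that is not part of the original messages and is not hogger's or PRADS's code. It converts nmap XML into the Snort 2.x attribute-table layout as I understand it; the sample scan, the OS-to-policy mapping and the fallback policy are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample of nmap XML output (-O -sV -oX); not from the thread.
NMAP_XML = """<nmaprun><host>
 <address addr="10.0.0.5" addrtype="ipv4"/>
 <ports>
  <port protocol="tcp" portid="8080"><state state="open"/><service name="http"/></port>
  <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
 </ports>
 <os><osmatch name="Linux 2.6.32" accuracy="96"><osclass osfamily="Linux"/></osmatch></os>
</host></nmaprun>"""

# Assumed mapping from nmap's osfamily to a frag3/stream5 policy keyword.
POLICY = {"Linux": "linux", "Windows": "windows", "FreeBSD": "bsd"}

def valued(parent, tag, value, confidence="100"):
    """Append <tag><ATTRIBUTE_VALUE/><CONFIDENCE/></tag> to parent."""
    node = ET.SubElement(parent, tag)
    ET.SubElement(node, "ATTRIBUTE_VALUE").text = value
    ET.SubElement(node, "CONFIDENCE").text = confidence

def build_attribute_table(nmap_xml):
    # Returns a SNORT_ATTRIBUTES element with one HOST per scanned IPv4 host.
    root = ET.Element("SNORT_ATTRIBUTES")
    table = ET.SubElement(root, "ATTRIBUTE_TABLE")
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        entry = ET.SubElement(table, "HOST")
        ET.SubElement(entry, "IP").text = addr.get("addr")
        osclass = host.find(".//osclass")
        family = osclass.get("osfamily", "") if osclass is not None else ""
        policy = POLICY.get(family, "bsd")  # assumed fallback for unknown OS
        os_node = ET.SubElement(entry, "OPERATING_SYSTEM")
        valued(os_node, "NAME", family or "unknown")
        ET.SubElement(os_node, "FRAG_POLICY").text = policy
        ET.SubElement(os_node, "STREAM_POLICY").text = policy
        services = ET.SubElement(entry, "SERVICES")
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is None or state.get("state") != "open" or svc is None:
                continue  # only open ports with an identified service
            s = ET.SubElement(services, "SERVICE")
            valued(s, "PORT", port.get("portid"))
            valued(s, "IPPROTO", port.get("protocol"))
            valued(s, "PROTOCOL", svc.get("name"))
    return root

if __name__ == "__main__":
    print(ET.tostring(build_attribute_table(NMAP_XML), encoding="unicode"))
```

Snort 2.x loads such a file through the `attribute_table filename` directive in snort.conf. nmap service names do not always match the service names Snort rules use, so review the PROTOCOL values before deploying the table.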
