Snort mailing list archives
Re: General Snort Help!
From: Erek Adams <erek () snort org>
Date: Tue, 21 Jan 2003 21:56:02 -0500 (EST)
On Tue, 21 Jan 2003, Lorraine Cannavale wrote:
Hello, I am very new at the whole Intrusion Detection Process and especially snort. There is a network administrator here that has installed an IDS utilizing snort, etc and is responsible for maintaining the system. I was hired by the Security Administrator to help monitor the alerts on a daily basis, analyze the data, and help reduce the false positives. So, I have the easy job, but I'm having major difficulties understanding what the alerts actually mean and deciphering what is a false positive, true intrusion, or just an informational alert. I have read the Snort user manual, understand how to read the rules, and have found some information on the alerts, but it is still confusing to me. Can anyone recommend additional resources that would help me (books, on-line manuals, or web sites)? I've read emails from the Snort mailing list and this all seems to make a lot of sense to everyone else, I'm curious how you all obtained your knowledge and if there is anything you can share with me!?
[...snip...]
In my opinion, in order of need/usefulness:
TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens
ISBN 0201633469
Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt
ISBN 0735708681
Intrusion Signatures and Analysis by Stephen Northcutt
ISBN 0735710635
Intrusion Detection by Rebecca G. Bace
ISBN 1578701856
The rest.... Well, just get on a .edu network and learn. ;-)
Hope that's of some help!
-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
