Snort mailing list archives

Re: snort IDS DFD
From: "Shawn Truax" <Shawn.Truax () mbs gov on ca>
Date: Thu, 23 Oct 2003 03:22:49 -0400

It should be possible to create Data Flow Diagrams with Snort, assuming you want to look at the data flow into your network. Make sure you place your sensor at the beginning/entrance to your network and then write a single rule to trigger on all SYN packets sent to your network. This should pick up all connections to your network and where they are going. Next, log all this to a MySQL database. Then get yourself a copy of ScanMap3D (http://scanmap3d.sourceforge.net/) and send it the data from your database. This should make a half-decent picture of the data flow on your network. If you're looking for something a little more robust and you have a budget to spend, check out a product called Intellitatics; it does a great job of helping you visualize your network. I don't have any instruction manuals or know of any. Everything I have listed is just off the top of my head and all theory; I haven't tested or done this before, but hopefully it will help get you started.

Shawn
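A small worked version of the approach sketched above, added here and not part of the thread: the SYN-trigger rule as a comment, and a parser that turns Snort's fast-alert lines into the host-to-service flow map a DFD needs, rendered as Graphviz DOT. It reads constructed sample alert lines from a string instead of the MySQL database suggested in the post; the rule text, SID and sample addresses are all assumptions.

```python
import re
from collections import Counter

# Snort rule (constructed example, not from the thread) that fires on every
# SYN from outside to the home network:
#   alert tcp $EXTERNAL_NET any -> $HOME_NET any
#       (msg:"SYN to internal net"; flags:S; sid:1000001; rev:1;)
# Logged with the "alert_fast" output, each hit is one line like the samples below.

# Constructed sample alert lines (not real traffic).
SAMPLE_ALERTS = """\
10/23-02:20:01.000001  [**] [1:1000001:1] SYN to internal net [**] [Priority: 3] {TCP} 203.0.113.5:51234 -> 192.0.2.10:80
10/23-02:20:02.000002  [**] [1:1000001:1] SYN to internal net [**] [Priority: 3] {TCP} 203.0.113.5:51235 -> 192.0.2.10:80
10/23-02:20:03.000003  [**] [1:1000001:1] SYN to internal net [**] [Priority: 3] {TCP} 198.51.100.7:40000 -> 192.0.2.25:25
10/23-02:20:04.000004  [**] [1:1000001:1] SYN to internal net [**] [Priority: 3] {TCP} 198.51.100.7:40001 -> 192.0.2.10:443
this line is not an alert and is skipped
"""

FLOW_RE = re.compile(
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


def parse_flows(text):
    """Return a Counter of (src, dst, dport) -> number of SYNs seen.

    The source port is deliberately dropped: a data-flow diagram cares about
    which external hosts reach which internal services, not ephemeral ports.
    """
    flows = Counter()
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue  # not a fast-alert flow line; ignore it
        flows[(m.group("src"), m.group("dst"), int(m.group("dport")))] += 1
    return flows


def to_dot(flows):
    """Render the flow map as a Graphviz DOT digraph (edge label = SYN count)."""
    lines = ["digraph dataflow {"]
    for (src, dst, dport), n in sorted(flows.items()):
        lines.append(f'  "{src}" -> "{dst}" [label="tcp/{dport} x{n}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(parse_flows(SAMPLE_ALERTS)))
```

Pipe the DOT output into `dot -Tpng` to get the picture; the same aggregation can be done with a GROUP BY over the database rows once the rule is logging to MySQL.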

"f z" <freezc101 () yahoo com> 10/23/03 02:20am >>>
Hello, can someone help me with how to build a DFD of the Snort IDS?
I use MySQL as my output. Are there any references I can refer to?


