Snort mailing list archives
Re: snort funtionallity
From: Michael Boman <michael.boman () gmail com>
Date: Fri, 17 Dec 2004 14:58:46 +0800
Take a deep breath and read my answers below...

On Fri, 17 Dec 2004 01:35:08 -0500, Nick Smith <nick () computernick com> wrote:
> Isn't there a way to have Snort email you when a serious attack occurs? I thought I remembered reading that somewhere but can't find it now.

http://www.snort.org/docs/FAQ.txt FAQ #5.9

> Also, is ACID the best console for Snort? Or are there any better ones out there?

Personally I swear by SGUIL (www.sguil.net), but that's just me ;)

> And are there any websites with a list of rules to add to increase security of your Snort install without having to write all the rules by hand yourself?

Yes, both www.snort.org and www.bleedingsnort.com update their rules regularly.

> And where would I add those rules?

If you write your own rules you usually put them in local.rules.

> And finally, this probably goes along with the previous question: I am getting virtually no ICMP (<1%) traffic and no portscan traffic (0%). I know there has to be some traffic for those, and I have a fresh install of Snort running. Is there something I have to add to get Snort to look for that traffic?

Have you enabled the relevant signatures and preprocessors for those?

> Thanks for any and all help. I'm very new to Snort and ACID and need all the help I can get.

Don't worry, we all were there at one point of time. My suggestion: Pick up some books on Network IDS and Snort. TCP/IP Illustrated vol. 1 is also recommended. And don't forget Richard's book "The Tao of Network Security Monitoring: Beyond Intrusion Detection". You have some links to sample chapters etc. at http://www.taosecurity.com/books.html

Good luck!

/Michael Boman
