Snort mailing list archives
Re: Ourmon
From: Alex Tatistcheff <alext () pobox com>
Date: Thu, 9 Dec 2010 21:37:38 -0800
You can also use hogger to build your host attribute table using NMAP.

http://code.google.com/p/hogger/

Alex Tatistcheff
alext () pobox com

The most terrifying words in the English language are, "I'm from the government and I'm here to help." -Ronald Reagan

On Wed, Dec 8, 2010 at 9:04 AM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:

The closest thing I’ve heard of to a “learning mode” with Snort, is to run PRADS to build your Host Attribute table, so that Snort knows what OSes are running and what services on what ports are on your network. The Host Attribute table applies to the stream and frag preprocessors, as well as to some rules (i.e. http rules that can apply if you are running a web server on a non-standard port).

------------------------------
*From:* Andres Carrera [mailto:protoss_black88 () hotmail com]
*Sent:* Thursday, November 18, 2010 9:03 AM
*To:* snort-devel () lists sourceforge net; snort-users () lists sourceforge net
*Subject:* [Snort-users] Ourmon

Hi,

snort (any version) can work with ourmon [http://ourmon.sourceforge.net/]? or there is something I can do to install snort and ourmon together.. or maybe is there something very similar to ourmon that I can use with snort..?

I want to build a "snort learning machine" so, it can study the traffic from a network and then with that learned mode finished, I want to begin a detection mode.

Please somebody that knows how to make a learning mode with snort, please let us know about it.

Regards,
Abdon Carrera

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Ourmon Andres Carrera (Nov 18)
- Re: Ourmon Jefferson, Shawn (Dec 08)
- Re: [Snort-users] Ourmon Andres Carrera (Dec 08)
- Re: [Snort-users] Ourmon Edward Fjellskål (Dec 08)
- Re: Ourmon Alex Tatistcheff (Dec 09)
