Snort question
Ben Beeson
beesond001 at hawaii.rr.com
Wed May 16 20:02:58 PDT 2001
Jay,
Many thanks!!!
Ben
On Wed, 16 May 2001, you wrote:
> On Mon, 14 May 2001, Ben Beeson wrote:
>
> > 1. How difficult is it to get snort to coexist with other
> > logging apps? By this I mean, I already run a firewall and a port monitoring
> > program. The port monitoring program may not be as good as snort at
> > identifying the kind of attack, but it does catch the common ones and then add
> > a firewall rule to block the offending source IP address when I get scanned.
> > Would this cause a problem with snort as far as you can tell?
>
> i don't have anything else running with snort (except ipmon that comes
> with ipfilter), but i have friends that run it concurrently with apps
> like portsentry so i don't see you having any problems doing what you
> described.
>
> > 2. Can you use snort to drive your firewall automatically?
>
> http://www.snort.org/FAQ.html#q57
>
> > 3. Does snort automatically produce log analysis, or do you
> > need another tool to do this with? I'm not very good at log analysis other
> > than very obvious things such as: "ATTACK ALERT" or "DENY" etc. Even after
> > using linux on the net for upwards of 3 years now, I tend to trust my firewall
> > a little more than I should because I do not know all the intricate details of
> > TCP/IP packets and how they are doctored during attacks. I'm still learning,
> > but I feel blissfully ignorant sometimes...
>
> the cool thing about snort is that with each attack heuristic detected, an
> ID is given that you can look up in the arachNIDS database which is being
> constantly updated with new signatures.
>
> http://whitehats.com/ids/index.html
>
> if you have the time, no girlfriend, and maybe your cable is broken you
> might want to pick up stephen northcutt's book "network intrusion
> detection, an analyst's handbook." the book has detailed examinations of
> remote exploit signatures and scans... very informative. a second edition
> was released recently that's almost twice as thick. i've tried to get
> through the whole thing a few times, but usually wake up a few hours
> later with drool on the book.
>
> > I apologize if these questions are a little detailed, but I am seriously
> > considering installing it, and I thought a little learning up front may help me
> > get better mileage.
>
> no problem. glad to help.
>
> =jay
>
> ------
> "I did nothing, absolutely nothing. And
> it was everything I thought it could be."