Snort question

Ben Beeson beesond001 at hawaii.rr.com
Wed May 16 20:02:58 PDT 2001


Jay,

	Many thanks!!!

Ben

On Wed, 16 May 2001, you wrote:
> On Mon, 14 May 2001, Ben Beeson wrote:
> 
> > 1.  How difficult is it to get snort to coexist with other
> > logging apps? By this I mean, I already run a firewall and a port monitoring
> > program.  The port monitoring program may not be as good as snort at
> > identifying the kind of attack, but it does catch the common ones and then add
> > a firewall rule to block the offending source IP address when I get scanned.
> > Would this cause a problem with snort as far as you can tell?
> 
> i don't have anything else running with snort (except ipmon that comes
> with ipfilter), but i have friends that run it concurrently with apps
> like portsentry so i don't see you having any problems doing what you
> described.
> 
> > 2.  Can you use snort to drive your firewall automatically?
> 
> http://www.snort.org/FAQ.html#q57
> 
> > 3.  Does snort automatically produce log analysis, or do you
> > need another tool to do this with?  I'm not very good at log analysis other
> > than very obvious things such as: "ATTACK ALERT"  or "DENY" etc.  Even after
> > using linux on the net for upwards of 3 years now,  I tend to trust my firewall
> > a little more than I should because I do not know all the intricate details of
> > TCP/IP packets and how they are doctored during attacks.  I'm still learning,
> > but I feel blissfully ignorant sometimes...
> 
> the cool thing about snort is that with each attack heuristic detected, an
> ID is given that you can look up in the arachNIDS database which is being
> constantly updated with new signatures.
> 
> http://whitehats.com/ids/index.html
> 
> if you have the time, no girlfriend, and maybe your cable is broken you
> might want to pick up stephen northcutt's book "network intrusion
> detection, an analyst's handbook."  the book has detailed examinations of
> remote exploit signatures and scans... very informative.  a second edition
> was released recently that's almost twice as thick.  i've tried to get
> through the whole thing a few times, but usually wake up a few hours
> later with drool on the book.
> 
> > I apologize if these questions are a little detailed, but I am seriously
> > considering installing it, and I thought a little learning up front may help me
> > get better mileage.
> 
> no problem. glad to help.
> 
> =jay
> 
> ------
> "I did nothing, absolutely nothing.  And
>  it was everything I thought it could be."

More information about the LUAU mailing list