
List:       snort-users
Subject:    Re: [Snort-users] Snort signatures (understanding snort
From:       Matt Kettler <mkettler () evi-inc ! com>
Date:       2003-02-28 21:02:15

1) For many signatures you can get some documentation by going to the 
snort.org website and entering the SID number of the rule into the "rules 
documentation" part.

Note that none of this will be a "simple" explanation, because there is no 
simple explanation possible. You're looking at output from the analysis of 
an inherently complicated problem.

If the messages in most of the snort alerts don't mean anything to you 
right away, you might want to read an old post on this subject I made; it's 
very well written, and very thorough about the kinds of things a 
snort-admin should know about networks.

That message is web-archived here:
http://archives.neohapsis.com/archives/snort/2002-12/0474.html


2) Nope, you just need to start snort and give it a config file, after 
properly editing the snort.conf to include proper definitions for things 
like HOME_NET. You might want to use some command-line switches to tell it 
what interface to listen on, etc., but these are all fairly straightforward 
if you read the manpage for snort.

3) I can't help you with idscenter, I've never used it.

At 01:43 PM 2/28/2003 +0000, SUDAGER BILKHU wrote:
>Hi all,
>
>I have recently set up Snort as part of my final year project at
>University.  I have configured Snort to monitor traffic between 4
>computers, to demonstrate how Snort detects unauthorised traffic.
>
>My first question is, where can I find documentation on determining what
>the signatures I receive mean?
>
>Secondly are there a number of commands that I should use to tell Snort
>to start monitoring?  How do I perform a port scan?
>
>Thirdly I downloaded a front end for my Snort system.  The file is
>called idscenter.zip.  It was downloaded from the download section on
>snort.org, in the add ons section under front ends.  There is no
>documentation with this.  Does anybody use such a system and if so do
>they know where I can get documentation.
>
>I would really appreciate any kind of feedback.  I am at the moment only
>a novice but have been reading a lot about Snort and want to find out
>more.
>
>Thanks for your time
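
An added example, not part of the original message: a Python sketch that pulls the SID out of Snort alert lines so each one can be entered into the rules documentation lookup mentioned in point 1. It assumes Snort's "fast" alert format with a `[gid:sid:rev]` tag; the sample lines and the `rule_sids` name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Snort's "fast" alert format (not from the post).
SAMPLE_ALERTS = """\
02/28-13:40:01.100000  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.10 -> 192.168.1.20
02/28-13:40:02.200000  [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.168.1.10 -> 192.168.1.30
02/28-13:40:05.300000  [**] [1:1418:2] SNMP request tcp [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.1.10:40000 -> 192.168.1.20:161
02/28-13:40:06.400000  [**] [100:1:1] constructed preprocessor event [**] {TCP} 192.168.1.10:40001 -> 192.168.1.20:22
this line is not an alert and must be skipped
"""

# Matches: [**] [gid:sid:rev] message [**]
ALERT_RE = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]\s+(.*?)\s+\[\*\*\]")


def rule_sids(alert_text):
    """Return (sid, message, count) per rule alert, most frequent first.

    Only generator id 1 (the text-rule engine) is kept: for preprocessor
    and decoder events the second number is not a rule SID, so looking it
    up as one would return the wrong documentation.
    """
    counts = Counter()
    messages = {}
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line
        gid, sid = int(m.group(1)), int(m.group(2))
        if gid != 1:
            continue
        counts[sid] += 1
        messages[sid] = m.group(4)
    return [(sid, messages[sid], n) for sid, n in counts.most_common()]


if __name__ == "__main__":
    for sid, msg, n in rule_sids(SAMPLE_ALERTS):
        print(f"SID {sid:<6} x{n:<4} {msg}")
```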


