[Snort-users] Win32-snort users

Erickson Brent W KPWA erickson at ...160...
Wed Jul 26 17:56:03 EDT 2000


I have also been using Snort both on Mandrake Linux and Win32. 

I would be very interested in finding Perl scripts to organize alerts in a
report and also have a tool or script to e-mail me during certain alerts.

Right now all my alerts go into the NT event viewer. I would like to run
Snort with a highly customized rule set on a web server in our DMZ and have
the script e-mail me during certain alerts.

I have run all possible NMAP scans against Snort on NT (Version 1.6) and it
does an excellent job of catching sA, sW, sM, sF, sX and fragmented scans.
Snort also gives meaningful alerts when I run NMAP using certain source
ports such as 21 and 20.

Brent Erickson

-----Original Message-----
From: H Carvey [mailto:keydet89 at ...131...]
Sent: Wednesday, July 26, 2000 12:19 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Win32-snort users


I am using Win32-snort...have been since about a day
after it was released.  

I'd like to know if anyone else is using it.  I'd also
like to know if anyone else is looking for NT-based
Perl scripts to put their alerts into some kind of 
report.

Right now, I use a Perl script that produces:

http://patriot.net/~carvdawg/idsreport.html

It pulls snort alerts from the EventLog, and puts them
in a table.  The script then runs nmapNT against each
of the unique IP addresses.

Carv
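
A sketch of what both messages ask for: a report that groups alerts, plus an e-mail built only for alerts on a notify list. It is an added example, not code from either poster, and it is written in Python rather than the Perl the posters mention. The one-line alert layout, the sample alerts, the notify pattern and the addresses are constructed assumptions.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample alerts. The one-line layout is an assumption; adapt
# ALERT_RE to whatever your Snort output or event-log export looks like.
SAMPLE_ALERTS = """\
07/26-17:40:01.100000 [**] SCAN-FIN [**] 198.51.100.7:20 -> 192.0.2.10:80
07/26-17:40:01.200000 [**] SCAN-FIN [**] 198.51.100.7:20 -> 192.0.2.10:443
07/26-17:41:12.000000 [**] SCAN-XMAS [**] 203.0.113.9:21 -> 192.0.2.10:25
07/26-17:45:30.500000 [**] WEB-CGI probe [**] 203.0.113.9:1044 -> 192.0.2.10:80
truncated line with no addresses
"""
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$")

def parse_alerts(text):
    """Return (alerts, rejected); unparseable lines are kept, not dropped."""
    alerts, rejected = [], []
    for line in filter(str.strip, text.splitlines()):
        m = ALERT_RE.match(line)
        if m:
            alerts.append(m.groupdict())
        else:
            rejected.append(line)
    return alerts, rejected

def build_report(alerts):
    """Plain-text table of alert message and source address, busiest first."""
    counts = Counter((a["msg"], a["src"]) for a in alerts)
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    head = f"{'ALERT':<24}{'SOURCE':<16}COUNT"
    return "\n".join([head] + [f"{m:<24}{s:<16}{n}" for (m, s), n in rows])

def build_notification(alerts, patterns, sender, recipient):
    """Return an EmailMessage for alerts matching any pattern, else None."""
    regexes = [re.compile(p, re.IGNORECASE) for p in patterns]
    hits = [a for a in alerts if any(r.search(a["msg"]) for r in regexes)]
    if not hits:
        return None
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, recipient
    mail["Subject"] = f"Snort: {len(hits)} alert(s) matched the notify list"
    mail.set_content("\n".join(
        f"{a['ts']}  {a['msg']}  {a['src']} -> {a['dst']}" for a in hits))
    return mail  # hand to smtplib.SMTP(host).send_message(mail) to deliver

if __name__ == "__main__":
    parsed, bad = parse_alerts(SAMPLE_ALERTS)
    print(build_report(parsed))
    print(f"{len(bad)} line(s) could not be parsed")
    print(build_notification(parsed, ["cgi"], "ids@example.org", "admin@example.org"))
```

Lines that do not parse are returned separately so a format change shows up in the report run instead of silently shrinking the alert count.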
