[Snort-users] Course on IDS Log Interpretation

Dr SuSE drsuse at ...748...
Wed Nov 22 12:38:41 EST 2000


Let me give you a rundown of what I set up tonight so that I can learn
more about attack signatures.

What I did was install Nessus (www.nessus.org) on my SuSE Linux box.  I
then ran Sniffer Pro on my NT machine and I'm running each Nessus plugin
individually.  Once I run one attack, I go to the NT machine and look at
the sniffer data, then compare what I come up with to the corresponding
rule in Snort.  I figure this is a good way to learn NIDS analysis and at
the same time learn how to write Snort rules.

Just thought I'd share the method with ya.


Dr SuSE

"Microsoft is not installed"

On Wed, 22 Nov 2000, Christopher Northrop wrote:

> Yo group,
> 
>      Just wondering if anyone has heard of any courses on "The Art of
> Interpreting your IDS data/logs".  Maybe some guru out there might consider
> offering a similar course? Hands on would be nice..
> 
> Chris N.
> _____________________
> "Danger, Danger, Danger-
> Best not muck with it, If you
> know what's good for you"
> Steve Irwin,
> A.K.A.- Croc. Hunter
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 



