[Snort-users] Snort-IDS-HOWTO

Gregor Binder gbinder at ...462...
Fri Oct 27 11:18:38 EDT 2000

Andrea Barisani on Fri, Oct 27, 2000 at 01:08:15PM +0200:


> I think that it would be nice writing a general IDS-HOWTO, defining common
> intrusion detection system installation and configuration but also general
> policies and actions to take against an intrusion, rules for
> interpretation of log files and packet dump, hints for avoiding false
> alerts, other general procedures for maintenance and so on...

The things you mention are enough to fill a book if you want to do
more than scratch the surface of each topic. In fact, they have
already filled a book (Stephen Northcutt, Network Intrusion Detection,
An Analyst's Handbook) that I can recommend if you are looking for
general information.

Don't expect to find installation instructions for specific products;
this in turn is what I would think a HOWTO is for, even though I don't
find Snort particularly hard to deploy and the documentation that
comes with it is fairly good in that respect.

Don't let that stop you though .. :)


Gregor Binder  <gbinder at ...462...>  http://www.sysfive.com/~gbinder/
sysfive.com GmbH             UNIX. Networking. Security. Applications.
Gaertnerstrasse 125b, 20253 Hamburg, Germany       TEL +49-40-63647482
