[Snort-users] Where or how to interpret this

shawn . moyer shawn at ...1184...
Sun Apr 8 14:01:06 EDT 2001


"./" wrote:

> However, in future "attacks" like this how can I tell by myself of such
> activity?  Is there a website to learn this from or a book from Amazon
> (could also be on my wishlist :-) ?

Hrmmm... I've been told Stephen Northcutt's book "Intrusion Detection:
An Analyst's Handbook" is good. There are several O'Reilly books on
TCP/IP that I've found useful, also "Building Internet Firewalls", and
"Practical Unix and Internet Security".

As far as websites: http://packetstorm.securify.com and
http://www.securityfocus.com are two of the most useful, although
Securityfocus' new frame-ified layout is painful to navigate. Also
http://phrack.infonexus.com if you want to do some historical reading. 





--shawn

-- 

s h a w n   m o y e r
shawn at ...1184...

"Nuclear war would really set back cable."
                             -- Ted Turner




More information about the Snort-users mailing list