[Snort-users] Where or how to interpret this

Erek Adams erek at ...577...
Sun Apr 8 14:53:19 EDT 2001

On Sun, 8 Apr 2001, shawn . moyer wrote:

> Hrmmm... I've been told Stephen Northcutt's book "Intrusion Detection:
> An Analyst's Handbook" is good. There are several O'Reilly books on
> TCP/IP that I've found useful, also "Building Internet Firewalls", and
> "Practical Unix and Internet Security".

Northcutt's is well worth getting.  IMHO, if you get no other books, I'd
suggest Northcutt's Intrusion Detection (2nd ed. just came out in Sept), and
W. Richard Stevens' "TCP/IP Illustrated, Volume 1:  The Protocols".

> As far as websites: http://packetstorm.securify.com and
> http://www.securityfocus.com are two of the most useful, although
> Securityfocus' new frame-ified layout is painful to navigate. Also
> http://phrack.infonexus.com if you want to do some historical reading.

It's amazing the amount of technical details you can find in the Phracks.
It's also amazing the amount of cruft that's in there. ;-)

Erek Adams

More information about the Snort-users mailing list