[Snort-users] Tcpdump, alerts and portscans
emf at ...367...
Mon Jun 25 17:20:30 EDT 2001
On Mon, Jun 25, 2001 at 05:02:13PM -0400, Jason Lewis wrote:
> Hmmmm....... Well how about something that does analysis on the tcpdump
> file to detect portscans? Maybe even something to correlate data once it is
> in ACID?
Uh.. I don't think you want to do that. You'd have to basically capture all
your network traffic and stash it in the db and then have tools grovelling
over it... you'd never catch up.. (Hmm. sounds like WebTr***s...)
Security Administrator, ServerVault, Inc.