[Snort-users] Tcpdump, alerts and portscans

Erik Fichtner emf at ...367...
Mon Jun 25 17:20:30 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Jun 25, 2001 at 05:02:13PM -0400, Jason Lewis wrote:
> Hmmmm.......  Well how about something that does analysis on the tcpdump
> file to detect portscans?  Maybe even something to correlate data once it is
> in ACID?

Uh.. I don't think you want to do that.  You'd have to basically capture all
your network traffic and stash it in the db and then have tools grovelling
over it... you'd never catch up..  (Hmm. sounds like WebTr***s...)

- -- 
Erik Fichtner
Security Administrator, ServerVault, Inc.
703-333-5900
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7N6seQ7EzrewLMS0RAlXGAKDNYYIUSB3jcwE+35afId/GsKHBAACfQHUI
6zH4iQ9Pv/JVJEWjNFCpCKw=
=T0Bz
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list