[Snort-users] Re: Traffic Analysis

gary.smith at ...3189...
Sun Sep 9 02:41:01 EDT 2001


Greg:

I would recommend you get a hold of Stephen Northcutt's works:

Intrusion Detection Analysts Handbook (sorry, don't have that to hand for the ISBN)
Intrusion Signatures and Analysis ISBN: 0-7357-1063-5

The second one in particular is superb and would give you an excellent start
in your project.  Most "classic" attacks are in it with snort output and
triggering rules etc.  

You should also check out http://www.sans.org/giac.htm

--Gary;

>Message: 2
>Date: Sat, 08 Sep 2001 14:19:42 -0400
>From: Greg Sarsons <gsarsons at ...530...>
>To: snort-users at lists.sourceforge.net
>Subject: [Snort-users] traffic analysis

>I'm working on a school project that will deal with traffic analysis ...
>usage statistics, what traffic is being seen, unexpected traffic etc.

>Does anyone have thoughts on using snort to accomplish this?


