[Snort-users] Any Interest?
jsage at ...2022...
Thu Jan 17 06:31:03 EST 2002
Speaking for myself and possibly others, it would be *greatly*
appreciated if you did *not* post in html format.
I have a feeling that a significant number of people wouldn't even
accept an html-formatted email: those email clients that render *all*
the html tags, for example, completely overwhelm the actual text of your
message because the tags are really just text, too.
I would be willing to bet that some procmail filters just send this sort
of thing to /dev/null...
...just a thought.
The web page you seek
cannot be found here:
countless others await
Brian Bartlett wrote:
> Let me try again, :-)
> I'm new to this list as of last week so this question may be redundant.
> At the risk of starting an OS/NOS religious war I have been playing with
> the WIN32 port of snort since September. I started with just the simple
> command line version and have slowly added more of the whiz-bang
> enhancements as I went. I am presently running 3 sensors. One is just
> the basic command line version alerting through IDSCenter on my
> broadband connection at home. The others are the win32 MYSQL compile on
> windows 2000 on my laptop and a test server at work. I have installed
> and configured ACID on IIS 5.0 and the win32 release of Apache. I am
> using TextPad, IDSCenter and IDS Policy Manager (ActiveWorx) as
> configuration tools. Through the months of testing I have kept the
> original alert.ids file current with all the data gathered by the
> sensors. Obviously this is not the ideal place to keep this info. Which
> leads me to my questions.
> 1. Is there a tool or command line to parse
> this info into my MYSQL database (I'm not a SQL
> guru but have dabbled and am not afraid of SQL
> scripts :-) )?
> 2. This one is more general but once I have
> all this info into the db I can at least look at
> it with ACID and start to see trends. What are
> the "Best Practices" for tuning my rules based
> on my data to reduce false positives and then
> modify alerting to include email and/or pager
> 3. I am using NmapNT and Netcat for NT to
> scan and probe my sensors to produce alerts. Any
> other neat tools I should be using to tune the
> 4. My home network and laptop have a
> software firewall installed on them (Tiny
> Personal Firewall). Will this affect the sensors
> installed on these PCs? If I understand the
> WinPcap docs this driver lies beneath the IP
> stack and should see the packets before the
> firewall does, correct?
> Thanks in advance for any help.
> Brian D. Bartlett