[Snort-users] Tuning a snort IDS

McCammon, Keith Keith.McCammon at ...3497...
Mon Jul 29 06:46:11 EDT 2002


If you're looking for specifics, there's not much to be said without requiring you to post a very detailed network schematic to the Internet for comments.  Tuning an IDS is obviously *very* instance-specific.  And unfortunately there are far too many considerations to list in this type of forum.

In my opinion, the best thing that you can do is get your hands on some good books about IP (and related protocols), Ethernet, and intrusion detection.  TCP/IP Illustrated (Vol. 1) by Richard Stevens is a great (big) handbook to have around.  And Network Intrusion Detection by Northcutt/Novak is one of the better texts on the subject.  If you have a good grasp on network protocols and practical IDS operation, you'll have no problem understanding how you need to tune and test your system.  



> -----Original Message-----
> From: Ashley Thomas [mailto:athomas at ...5484...]
> Sent: Friday, July 26, 2002 9:11 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Tuning a snort IDS
> hi all,
> Do you know if there is any document on tuning a snort IDS or 
> in general
> for any IDS ? Please let me know.
> thanks
> ashley

More information about the Snort-users mailing list