[Snort-users] Spade available via Snortenstein

James Hoagland hoagland at ...47...
Thu Oct 10 09:04:03 EDT 2002


Greetings,

This message is for Linux Snort users (and for Snort users that have 
access to a Linux box).  Spade version 021008.1 is now available via 
Snortenstein:

    http://sourceforge.net/projects/snortenstein/

It is in the snort_1_9/spade suite.

From the Snortenstein summary:  "Snortenstein is an automated 
patching system for Snort. Snortenstein guides you through the 
process of choosing/selecting the patches you want to apply to Snort, 
and then automatically patches your local Snort source tree."

For those that don't know, Spade is a Snort add-on which gives Snort 
the ability to do statistical anomaly detection.  That is, it enables 
Snort to find packets that are unusual relative to other packets on 
your network.  This means that they may be suspicious, e.g., they are 
part of a portscan.  Best of all, it's pretty fast and all you need to 
tell it about your network is what your network's IP ranges are.

To install Spade into Snort using Snortenstein:

1) Download and unpack the source distribution of Snort 1.9.0 if you 
haven't already.

    http://www.snort.org/dl/snort-1.9.0.tar.gz

2) Get Snortenstein following the 2 steps here:

    http://sourceforge.net/cvs/?group_id=57280

3) From your snort-1.9.0 directory, run Snortenstein's runme program 
with the argument 'snort_1_9/spade'.

    E.g., ../snortenstein/runme snort_1_9/spade

4) Type 'y' for both the packet-cloning and the Spade patch.

That's it.  Then just build Snort like normal.

Spade information is available from:

   http://www.silicondefense.com/software/spice/

(A Spade tarball is also available for download there.)

Thanks to Ben Feinstein for his work on Snortenstein and for making 
Spade available from it.

Best regards,

   Jim
-- 
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland at ...47..., http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|



