[Snort-users] Spade available via Snortenstein
hoagland at ...47...
Thu Oct 10 09:04:03 EDT 2002
This message is for Linux Snort users (and for Snort users that have
access to a Linux box). Spade version 021008.1 is now available via
It is in the snort_1_9/spade suite.
From the Snortenstein summary: "Snortenstein is an automated
patching system for Snort. Snortenstein guides you through the
process of choosing/selecting the patches you want to apply to Snort,
and then automatically patches your local Snort source tree."
For those that don't know, Spade is a Snort add-on which gives Snort
the ability to do statistical anomaly detection. That is, it enables
Snort to find packets that are unusual relative to other packets on
your network. This means that they may be suspicious, e.g., they are
part of a portscan. Best of all, its pretty fast and all you need to
tell it about your network is what your networks IP ranges are.
To install Spade into Snort using Snortenstein:
1) Download and unpack the source distribution of Snort 1.9.0 if you
haven't already already.
2) Get Snortenstein following the 2 steps here:
3) From your snort-1.9.0 directory, run Snortenstein's runme program
with the argument 'snort_1_9/spade'.
E.g., ../snortenstein/runme snort_1_9/spade
4) Type 'y' for both the packet-cloning and the Spade patch.
That's it. Then just build Snort like normal.
Spade information is available from:
(A Spade tarball is also available for download there.)
Thanks to Ben Feinstein for his work on Snortenstein and for making
Spade available from it.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* --- Silicon Defense: IDS Solutions --- *|
|* hoagland at ...47..., http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
More information about the Snort-users