[Snort-Users] new to snort and intrusion detection

Cloppert, Michael Michael.Cloppert at ...5884...
Fri May 9 07:51:04 EDT 2003


> -----Original Message-----
> From: Michael Boman [mailto:michael.boman at ...4162...]
> Sent: Friday, May 09, 2003 12:53 AM
> To: Jonathan Jesse
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-Users] new to snort and intrusion detection
> 
> 
> On Fri, 2003-05-09 at 01:47, Jonathan Jesse wrote:
> > What I'm looking for is some help on how to learn how to use snort to
> > its fullest, any sources/documentation to the best use out of it?
> 
> Using snort and doing intrusion detection are two different beasts that
> work hand-in-hand. Below I list some good books that can help you along
> the way:
> 
> Network Intrusion Detection: An Analyst's Handbook
> Stephen Northcutt, Donald McLachlan, Judy Novak
> New Riders Publishing; ISBN: 0735710082
> 
> Intrusion Signatures and Analysis
> Mark Cooper, Stephen Northcutt, Matt Fearnow, Karen Frederick
> New Riders Publishing; ISBN: 0735710635
> 
> Incident Response: Investigating Computer Crime
> Chris Prosise, Kevin Mandia
> McGraw-Hill Professional Publishing; ISBN: 0072131829
> 

I own both of these, and the Northcutt/Novak book is always the FIRST ONE I
recommend to EVERYONE asking about NIDS - it's the definitive guide, IMHO.
I would also like to recommend:
Internetworking with TCP/IP, Vol. 1
Douglas E. Comer
Prentice Hall, ISBN: 0-13-216987-8

Douglas E. Comer was (I believe) one of the fundamental people involved in
the development of TCP/IP - this book is a must-have for anyone who ever
has to look at a packet.

Mike Cloppert, GCIA



