[Snort-users] Help with Snort setup

Asceta asceta at ...7692...
Tue Sep 14 16:17:05 EDT 2004


I agree... People learning about Snort learn about OSes, security,
TCP/IP... They have the possibility to learn about the IP world - and how to watch
their backs in that world.

And if it cools them - they do it better, faster, deeper. With 'more love'.
:)


Some people learn by reading, some learn by asking, some learn by trying...

Good luck to all of you :))



--
Arkadiusz Majer
http://www.asceta.tpi.pl/



> I have to agree with you on a lot of what you said, but... 
> the setup guides have helped a lot of people transition over 
> to Linux for security products.  Some people like this guy 
> seem to have no business running snort or being responsible 
> for security (at least from what I have seen from his posts, 
> he may be the brightest guy in the world and just be having a 
> really really bad week) but others who can read directions 
> and understand basics benefit from them.  I am a little 
> biased seeing as I wrote one of them and have seen a lot of 
> people learn more about security and Linux in general from 
> playing with them.  They just needed a little help in the 
> beginning, but these people had the will and desire to learn. 
>  They find Infosec interesting, they stay on mailing lists 
> like this and try to help people learn and get better at their jobs.
> The people that expect the regulars to be a 24/7 tech support 
> with platinum level support response time are just 
> unrealistic.  I have and will continue to help as many people 
> as I can learn more about security, as long as those people 
> take the time to understand what they are doing and can 
> follow directions when they are doing it for the first time and 
> don't have a clue.  I will also hopefully continue to learn 
> from people on this list how to better do my job (seeing as a 
> major part of it is working with IDS)
>  
> -----Original Message-----
> From: sekure [mailto:sekure at ...11827...]
> Sent: Tuesday, September 14, 2004 10:01 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Help with Snort setup
> 
> Is it just me or is the list getting more and more emails of the
> content: "I don't know Unix, or Windows, or networking, but I 
> want to set up Snort, please help me."?
> 
> Pardon the stupid question, but even if after enlisting the 
> help of everyone on the list you do manage to somehow get 
> Snort up and running, what purpose can it possibly serve?  
> All of the alerts generated are fairly complex and require at 
> least some understanding of the underlying OS and networking 
> technology to analyze them, not to mention separate false 
> positives from the rest of the traffic, tune the rules, 
> follow up on alerts, etc. This is why I feel that the step by 
> step guides are almost a disservice, they make Snort 
> accessible to people who don't know what to do with it. And 
> even the guides themselves generate a load of questions.
> 
> I almost feel like there should be a variation on the amusement park
> sign: "You must know this much to run Snort"...
> 
> IDS is not a set it and forget it solution, and not a magic bullet. 
> Just "setting up Snort" will not make you magically more 
> secure.  So unless you are willing to dedicate serious time 
> to it, don't even bother.  And if you are, search the 
> archives, read the FAQ, search the archives, learn how to 
> build from scratch, did I mention search the archives?  
> Reading the rules to the Snort-Users Drinking Game wouldn't 
> hurt either, you'll know the questions NOT to ask.
> 
> I digress....
> 
> 