[Snort-users] Help with Snort setup

M Shirk shirkdog_linux at ...125...
Wed Sep 15 01:40:09 EDT 2004


I commend everyone for biting down and helping the posters on this mailing 
list.

Some of the recent posts for installation of Snort have gone around in 
circles (even reposting the same errors).

If we have knowledge of Snort or *nix, then the right thing to do is share 
it. However, some things must be learned with hands-on experience. I only 
know *nix because I took time and learned on my own. There was no 
requirement, or deadline to meet, just for the fun of learning it. Then, 
when I became involved with IDS, I simply sat down and messed around with 
Snort (and was able to use ALL OF THE INFORMATION provided from snort.org, 
Thanks Pat).

You have to want to learn this stuff, or it will never be retained. Touching 
upon your one point, this stuff is meaningless unless you understand all of 
the underlying technology. It is impossible to work in security without the 
ability to constantly learn and adapt to technology as it is available.

As others have said... my 2 cents

Shirkdog



>From: sekure <sekure at ...11827...>
>Reply-To: sekure <sekure at ...11827...>
>To: "snort-users at lists.sourceforge.net" <snort-users at lists.sourceforge.net>
>Subject: [Snort-users] Help with Snort setup
>Date: Tue, 14 Sep 2004 11:01:00 -0400
>
>Is it just me or is the list getting more and more emails of the
>content: "I don't know Unix, or Windows, or networking, but I want to
>setup Snort, please help me."?
>
>Pardon the stupid question, but even if after enlisting the help of
>everyone on the list you do manage to somehow get Snort up and
>running, what purpose can it possibly serve?  All of the alerts
>generated are fairly complex and require at least some understanding
>of the underlying OS and networking technology to analyze them, not to
>mention separate false positives from the rest of the traffic, tune
>the rules, follow up on alerts, etc. This is why I feel that the step
>by step guides are almost a disservice, they make Snort accessible to
>people who don't know what to do with it. And even the guides
>themselves generate a load of questions.
>
>I almost feel like there should be a variation on the amusement park
>sign: "You must know this much to run Snort"...
>
>IDS is not a set it and forget it solution, and not a magic bullet.
>Just "setting up Snort" will not make you magically more secure.  So
>unless you are willing to dedicate serious time to it, don't even
>bother.  And if you are, search the archives, read the FAQ, search the
>archives, learn how to build from scratch, did I mention search the
>archives?  Reading the rules to the Snort-Users Drinking Game wouldn't
>hurt either, you'll know the questions NOT to ask.
>
>I digress....
>
>
