[Snort-users] Tao of doing it right: Ignoring bad advice and doing it the Bilano way!
Billy B. Bilano
mr.bill.bilano at ...13069...
Tue Feb 22 12:53:50 EST 2005
Hasta la hola, dudes!
The intrepid Bill Bilano here and I need some help with the Snorter... I
was reading up on the competition and was thinking about using them
instead of Snart until I started reading their stupid docs. But then it
is so cool, so I set out to see if Snorpt can do the same stuff that
this other thinger does...
See, at first I decided I would use this Squil IDS thing but that crazy
Russian guy that wrote down the docs said I needed to keep every packet
in a database (who has time for being a packet rat like that?) to make
sure I don't get hackered by the nerds! Well that makes a whole hell of
a lot of sense! If you keep them online in a database and you get hacked
then the hacker will be able to just copy and paste them packets and
whammo! Instant replay attack! Maybe I should I gift wrap them too?
Smart thinking there you Bolshevik dundernuts! First Northcut drops his
drawers at SANS and now this Betjitch guy wants to pinch it off for the
hackers! His book should be called Tao of Network Reach-arounds!
Anyway, so I was thinking about what to do while working on trying to
get the air vent on the wall to point more at my face when I got my foot
caught on the mouse cable and I tripped and my USB memo-sticker went
flying down the air vent and my Shasta spilled all over my lunch! I had
to get it back because it had all my recipes on it as well as all the
SSL certificates for the bank so I jumped from my chair and took off
like a nut!
So, I went down into the basement to give a look see around to see about
finding it (the basement at the bank is a huge place with lots of dark
tunnels and empty rooms I almost expected to see Geraldo down there
poking his beak into something dumb again). Anyway, I found this one
room that had a garage door thingy and it was locked. So I got this
security guy (or so he says, he just hangs out down by the ladies room
in the lobby and he has a beater stick thing that shocks people, believe
me I know) and he unlocked the room and all I found were about fifty old
impact printers. Crapo!
So I was sitting on the throne Friday night and then this idea plopped
into my head! It was so good, that I called my white-cracker friends at
the IARC and they were so excited by my idea they just starting giggling
like school kids and hung up and then they probably went back to their
squirrels or whatever the hell it is they use to amuse themselves while
they do nothing all day long but expropriate my tax dollars. Anyway, I
thought that instead of keeping the packets in some stupid database
where they can get stolen, why not use these old printers to make harder
copies instead? Then, if something that smells like fish happens later,
I can get out the packet logs, turn to the correct page, scan in the
relevant packets, and use some OCR software to put them back into
something for the Snoart to look and parse through! So, these printers
really worked out greaty great good for me and that basement room became
my new glory hole for the entire weekend!
So, to make a long story better, I ordered up some fresh meat for the
grinder (some interns from the local community college you know those
people they are all destitute vagrants who think they can get smarter
than Bill by reading about how not to make babies in the workplace). So
I assigned these crappy interns to printer detail in the basement to
change paper and load ink - we get a ton of traffic on our OC3!
Does anyone else have interns working for them? Because these kids are
stupid! All they've done all day is complain about the noise and you
know what? I already was generous enough to buy them some earmuffs. One
of them already quit after only one day of this! Kids these days are
unreliable and only concerned about themselves. They don't understand
that they are hired to do a job... do they really think that I am going
to stand down there around all those noisy printers? Give moi a breaker!
Anyway... so now I am looking for some hot cool OCR software for *NIX to
work with my drum scanner so I can test my theory out... can anyone make
P.S. My bloglog is still here <http://www.bilano.biz/> and you should
read it because it is the best!
Mr. Billy B. Bilano, MSCE, CCNA
Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS
More information about the Snort-users