[Snort-users] Tao of doing it right: Ignoring bad advice and doing it the Bilano way!

Billy B. Bilano mr.bill.bilano at ...13069...
Tue Feb 22 12:53:50 EST 2005

Hasta la hola, dudes!

The intrepid Bill Bilano here and I need some help with the Snorter... I 
was reading up on the competition and was thinking about using them 
instead of Snart until I started reading their stupid docs. But then it 
is so cool, so I set out to see if Snorpt can do the same stuff that 
this other thinger does...

See, at first I decided I would use this Squil IDS thing but that crazy 
Russian guy that wrote down the docs said I needed to keep every packet 
in a database (who has time for being a packet rat like that?) to make 
sure I don't get hackered by the nerds! Well that makes a whole hell of 
a lot of sense! If you keep them online in a database and you get hacked 
then the hacker will be able to just copy and paste them packets and 
whammo! Instant replay attack! Maybe I should I gift wrap them too? 
Smart thinking there you Bolshevik dundernuts! First Northcut drops his 
drawers at SANS and now this Betjitch guy wants to pinch it off for the 
hackers! His book should be called Tao of Network Reach-arounds!

Anyway, so I was thinking about what to do while working on trying to 
get the air vent on the wall to point more at my face when I got my foot 
caught on the mouse cable and I tripped and my USB memo-sticker went 
flying down the air vent and my Shasta spilled all over my lunch! I had 
to get it back because it had all my recipes on it as well as all the 
SSL certificates for the bank so I jumped from my chair and took off 
like a nut!

So, I went down into the basement to give a look see around to see about 
finding it (the basement at the bank is a huge place with lots of dark 
tunnels and empty rooms I almost expected to see Geraldo down there 
poking his beak into something dumb again). Anyway, I found this one 
room that had a garage door thingy and it was locked. So I got this 
security guy (or so he says, he just hangs out down by the ladies room 
in the lobby and he has a beater stick thing that shocks people, believe 
me I know) and he unlocked the room and all I found were about fifty old 
impact printers. Crapo!

So I was sitting on the throne Friday night and then this idea plopped 
into my head! It was so good, that I called my white-cracker friends at 
the IARC and they were so excited by my idea they just starting giggling 
like school kids and hung up and then they probably went back to their 
squirrels or whatever the hell it is they use to amuse themselves while 
they do nothing all day long but expropriate my tax dollars. Anyway, I 
thought that instead of keeping the packets in some stupid database 
where they can get stolen, why not use these old printers to make harder 
copies instead? Then, if something that smells like fish happens later, 
I can get out the packet logs, turn to the correct page, scan in the 
relevant packets, and use some OCR software to put them back into 
something for the Snoart to look and parse through! So, these printers 
really worked out greaty great good for me and that basement room became 
my new glory hole for the entire weekend!

So, to make a long story better, I ordered up some fresh meat for the 
grinder (some interns from the local community college you know those 
people they are all destitute vagrants who think they can get smarter 
than Bill by reading about how not to make babies in the workplace). So 
I assigned these crappy interns to printer detail in the basement to 
change paper and load ink - we get a ton of traffic on our OC3!

Does anyone else have interns working for them? Because these kids are 
stupid! All they've done all day is complain about the noise and you 
know what? I already was generous enough to buy them some earmuffs. One 
of them already quit after only one day of this! Kids these days are 
unreliable and only concerned about themselves. They don't understand 
that they are hired to do a job... do they really think that I am going 
to stand down there around all those noisy printers? Give moi a breaker!

Anyway... so now I am looking for some hot cool OCR software for *NIX to 
work with my drum scanner so I can test my theory out... can anyone make 
any recommendations?

P.S. My bloglog is still here <http://www.bilano.biz/> and you should 
read it because it is the best!

Mr. Billy B. Bilano, MSCE, CCNA
Expert Sysadmin Since 2003!

More information about the Snort-users mailing list