[Snort-users] learning snort

Joel Esler joel.esler at ...1935...
Wed Sep 28 12:58:53 EDT 2005


Snot, IIRC, isn't going to be much use to you now that Snort has  
stream tracking.  Since Snot's attacks are based off of a general  
packet..  (no flow being established)..  I don't think it will work.

Try out a vulnerability assessment tool like Nessus.

joel


On Sep 28, 2005, at 3:46 PM, James B Horwath wrote:

> I am in the process of studying for the GCIA second exam which covers
> snort setup and use.  I have been reading the mailing list, snort
> documentation and playing with a small controlled snort setup.  
> Although
> RTFM is great, I learn better by actually doing hands on things.  I am
> using a packet crafting tool like hping2 to watch and learn how snort
> works.  I have been reading about tools like snot which use the snort
> configuration and build packets based on the configuration.  This  
> seems
> like an ideal way to learn more about snort behavior. I am having  
> trouble
> finding snot, are there any other tools recommended to exercise  
> snort and
> learn the what, why's and how.  I don't have access to any large  
> network
> to  try a live implementation, so my small and humble lab is the  
> best I
> can do.  Any recommendations I would really appreciate.
>
> Regards,
> Jim
>
>
> -----------------------------------------
> This message, and any attachments to it, may contain information that
> is privileged, confidential, and exempt from disclosure under
> applicable law.  If the reader of this message is not the intended
> recipient, you are notified that any use, dissemination, distribution,
> copying, or communication of this message is strictly prohibited.  If
> you have received this message in error, please notify the sender
> immediately by return e-mail and delete the message and any
> attachments.  Thank you.
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads,  
> discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>





More information about the Snort-users mailing list