[Snort-users] Trending

JJC cummingsj at ...11827...
Wed Jul 13 16:27:41 EDT 2011


Any tool can be useful here, but if you want your own stats I would suggest
querying the database itself and generating them.  Also, if you want bad
guys that are scanning ports regularly then I would just use an already
known list for that type of stuff and kill them at your firewall.  Portscan
detection has very low value in the overall scheme of you trying to catch a
bad guy.

Just my .02

JJC

On Wed, Jul 13, 2011 at 2:20 PM, Lay, James <james.lay at ...15009...> wrote:

> Hey all!
>
> So…I’ve got Snorby installed…it was a hoot, but it’s done now.  My goal for
> the GUI is to easily see trends over time….try and catch the bad guys that
> scan 5 ports a day and junk like that.  Is Snorby the best for this or is
> there something else better out there?  Thanks for any advice.
>
> James
>
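An added example, not part of the original thread: one way to pull the low-and-slow trend asked about above straight from the alert database, as the reply suggests. It assumes a reduced subset of the tables Snort's database output writes (event, iphdr, tcphdr), uses SQLite so it runs offline, and the sample rows and thresholds are constructed.

```python
import sqlite3
from ipaddress import ip_address

# Reduced subset of the Snort database-output schema (assumption: only the
# columns this report needs; ip_src is stored as an unsigned integer).
SCHEMA = """
CREATE TABLE event  (sid INT, cid INT, signature INT, timestamp TEXT);
CREATE TABLE iphdr  (sid INT, cid INT, ip_src INT, ip_dst INT);
CREATE TABLE tcphdr (sid INT, cid INT, tcp_sport INT, tcp_dport INT);
"""

# Sources seen on at least min_days separate days that never touched more
# than max_ports distinct destination ports on any single day.
REPORT = """
SELECT ip_src, COUNT(*) AS days, MAX(ports) AS peak_ports
FROM (SELECT i.ip_src, date(e.timestamp) AS day,
             COUNT(DISTINCT t.tcp_dport) AS ports
      FROM event e
      JOIN iphdr  i ON i.sid = e.sid AND i.cid = e.cid
      JOIN tcphdr t ON t.sid = e.sid AND t.cid = e.cid
      GROUP BY i.ip_src, date(e.timestamp))
GROUP BY ip_src
HAVING COUNT(*) >= ? AND MAX(ports) <= ?
ORDER BY days DESC
"""

def build_sample(conn):
    """Insert constructed alerts: one slow scanner, one noisy one-day scan."""
    conn.executescript(SCHEMA)
    slow, noisy = int(ip_address("198.51.100.7")), int(ip_address("203.0.113.9"))
    dst = int(ip_address("192.0.2.10"))
    rows = [(slow, f"2011-07-{d:02d} 03:00:00", 1000 * d + p)
            for d in (10, 11, 12) for p in range(5)]
    rows += [(noisy, "2011-07-11 09:00:00", p) for p in range(1, 41)]
    for cid, (src, ts, dport) in enumerate(rows, start=1):
        conn.execute("INSERT INTO event VALUES (1, ?, 1, ?)", (cid, ts))
        conn.execute("INSERT INTO iphdr VALUES (1, ?, ?, ?)", (cid, src, dst))
        conn.execute("INSERT INTO tcphdr VALUES (1, ?, 40000, ?)", (cid, dport))

def slow_scanners(conn, min_days=3, max_ports=5):
    """Return (source IP, active days, peak ports per day) for slow scanners."""
    cur = conn.execute(REPORT, (min_days, max_ports))
    return [(str(ip_address(src)), days, peak) for src, days, peak in cur]

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    build_sample(db)
    print(slow_scanners(db))
```

On a production MySQL or PostgreSQL alert database the same query shape applies, with the day bucketing written in that engine's date function.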