[Snort-users] Snort noob questions

Joel Esler jesler at ...1935...
Fri Apr 19 16:39:26 EDT 2013


On Apr 19, 2013, at 3:56 PM, Scott Bonar <sbonar at ...11827...> wrote:

> Hopefully some quick questions from a Snort 'noob'.
> 
> 1) got Snort up and running but I was curious, what is the best way to 
> test it?

Browse the internet for a bit!  ;)

No, really, maybe some Metasploit, ICMP traffic?  Something like that.

> 2) what is the difference between ClamAV and Snort since it appears as 
> if Snort has anti-virus/anti-spam/anti-phishing rules?

ClamAV operates on files, on end hosts.  Snort is a network detection tool that watches traffic as it goes by and stops it (if in IPS mode).  The detection is written by the same people at the same time, so everything that Snort has a rule for, ClamAV also has a rule for.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
