[Snort-users] Snort noob questions

Caleb Jaren tropism.prophet at ...11827...
Sun Apr 21 20:02:24 EDT 2013

If this helps, I've always used an nmap Xmas scan against a host in the
monitored segment. The scan (iirc) would be something like "nmap  -v -sX
<target ip>".

What Joel said re: clam vs. Snort.
On Apr 19, 2013 1:43 PM, "Joel Esler" <jesler at ...1935...> wrote:

> On Apr 19, 2013, at 3:56 PM, Scott Bonar <sbonar at ...11827...> wrote:
> Hopefully some quick questions from a Snort 'noob'.
> 1) got Snort up and running but I was curious, what is the best way to
> test it?
> Browse the internet for a bit!  ;)
> No, really, maybe some metasploit, icmp traffic?  Something like that.
> 2) what is the difference between ClamAV and Snort since it appears as
> if Snort has anti-virus/anti-spam/anti-phishing rules?
> ClamAV operates on files, on end hosts.  Snort is a network detection tool
> that watches traffic as it goes by and stops it (if in IPS mode).  The
> detection is written by the same people at the same time, so everything
> that Snort has a rule for ClamAV also has a rule for.
> --
> *Joel Esler*
> Senior Research Engineer, VRT
> OpenSource Community Manager
> Sourcefire
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130421/4de592e7/attachment.html>

More information about the Snort-users mailing list