[Snort-users] Snort noob questions

Scott Bonar sbonar at ...11827...
Tue Apr 23 15:55:43 EDT 2013


Thanks.  I enabled the portscan preprocessor and ran the nmap command, 
but I am still not getting any alerts.
What am I missing?

Scott

On 04/21/2013 06:02 PM, Caleb Jaren wrote:
>
> If this helps, I've always used an nmap Xmas scan against a host in
> the monitored segment. The scan (iirc) would be something like
> "nmap -v -sX <target ip>".
>
> What Joel said re: clam vs. Snort.
>
> On Apr 19, 2013 1:43 PM, "Joel Esler" <jesler at ...1935...> wrote:
>
>     On Apr 19, 2013, at 3:56 PM, Scott Bonar <sbonar at ...11827...> wrote:
>
>>     Hopefully some quick questions from a Snort 'noob'.
>>
>>     1) got Snort up and running but I was curious, what is the best
>>     way to test it?
>
>     Browse the internet for a bit!  ;)
>
>     No, really, maybe some Metasploit, ICMP traffic?  Something like that.
>
>>     2) what is the difference between ClamAV and Snort since it
>>     appears as if Snort has anti-virus/anti-spam/anti-phishing rules?
>
>     ClamAV operates on files, on end hosts.  Snort is a network
>     detection tool that watches traffic as it goes by and stops it (if
>     in IPS mode).  The detection is written by the same people at the
>     same time, so everything that Snort has a rule for, ClamAV also has
>     a rule for.
>
>     --
>     *Joel Esler*
>     Senior Research Engineer, VRT
>     OpenSource Community Manager
>     Sourcefire
>