[Snort-users] general questions

Jeremy Hoel jthoel at ...11827...
Sat Mar 30 03:49:41 EDT 2013


Use pulledpork.. for most people it works better and it is updated more often.

Read the config, read the docs.. it's easy to use.

On Fri, Mar 29, 2013 at 11:34 PM, Mohammad MontazerI
<mohamad_montazery at ...131...> wrote:
> Dear all, thank you so much.
> As I found out, Snort log files are not suitable for traffic shaping, and
> they are used for tracking the alerts.
>
>
> Here is just one more question:
> I already installed Snort (with all rules).
> Now can I use Oinkmaster to manage my rules?
>
> ________________________________
>
> On 3/29/2013 14:40, Mohammad MontazerI wrote:
>> I know.
>> But Snort has a packet sniffer, so I can use it as an IDS and network
>> traffic shaper. Can't I?
>
> no, you can't... why should snort be processing all that data when its
> purpose is penetration prevention?
>
>> If it's not for this kind of need, then what is the log file used for?
>> Why does Snort even create a log file from network traffic?
>
> the pcaps are only of the network packets that *caused an alert*... nothing
> else... the pcaps are so you can perform diagnostics to confirm the alert is
> a true positive and so you can then follow up with security or preventative
> measures unless your system has already acted upon the alert and instituted
> some protective measures...



