[Snort-users] Any Good Books out there?

Justin Pederson jpedersm at ...11827...
Thu Dec 1 19:03:30 EST 2016


Thank you guys, so far you all have been great.  I'm not at work right now
but will check the scan_local option tomorrow.  Marcin, you're correct about
network logging being a form of art.  I know a forensic guy and when
talking to his specialist for netflow there really isn't anything out there
for in-depth explanation on things, just high level stuff.

On Thu, Dec 1, 2016 at 5:18 PM, Joel Esler (jesler) <jesler at ...589...>
wrote:

> I can’t say that we haven’t been approached about writing a new one.
> Because we have.  However, there are only so many hours of the day.
>
> --
> Joel Esler | Talos: Manager | jesler at ...589...
>
> On Dec 1, 2016, at 5:49 PM, Marcin Dulak <marcin.dulak at ...11827...> wrote:
>
> Hi,
>
> in my opinion the snort manual (we are talking about manual.snort.org) focuses
> on the technical details and does not provide a context of why snort does
> what it does. I can recommend two books that provide some context:
> - https://www.amazon.com/Applied-Network-Security-Monitoring-Collection/dp/0124172083 - short, less technical, a good place to start
> - https://www.amazon.com/Snort-Toolkit-Beales-Source-Security/dp/1597490997 - long, very old, but provides a lot of context and funny statements like
> "The actual code that parses the various options within Snort is scattered
> throughout the code base" on page 177 of the 2007 edition, or a mention of
> snort 3.0 on page 179!
>
> It's pretty outrageous that such a fundamental field as network monitoring
> is still considered an art and there are no readily available materials.
>
> Marcin
>
> On Thu, Dec 1, 2016 at 7:23 PM, Justin Pederson <jpedersm at ...11827...>
> wrote:
>
>> I'm just getting into snort.  While there is a lot of information out
>> there on snort, a lot of it is not straightforward.  If I am looking for a
>> book to get up to speed on the system, by chance does anyone know of any
>> good books to read?
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>