Chris W. Parker wrote:
My intent is to get a better idea of what kind of traffic is traversing
my network. I don't know what kind of attacks I'm on the look out for
but I was hoping Snort would let me know (using the rule files). Of
course I expect to learn more as I go along.
Chris, another tool you should take a look at is called ntop. When run,
ntop sniff's the network and categorizes the traffic by type, source,
destination, protocol, Etc. It's not an IDS, but it provides a nice
web-based interface for seeing what's going on through traffic summaries.
Another neat tool for seeing what's going on in a network is a live view
tool called etherape, which draws the traffic as lines connecting IP's,
thickness in bandwidth, protocol in color.
Both of these tools are excellent for seeing, at the most basic level,
what is going on. They'll also tell you what kind of attacks you should
be looking for as well.
Once you have an idea what's going on, Snort can then look "under the
hood" for you - but analysis is still best done with a tool made for
doing just that. Just running snort with all of the default signatures
will provide you with huge haystack of data - and finding any needles
won't be as easy as you'd think without a proper analysis tool.
-js
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
