Snort mailing list archives
Re: Tcpdump, alerts and portscans
From: Erik Fichtner <emf () servervault com>
Date: Mon, 25 Jun 2001 17:20:30 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Jun 25, 2001 at 05:02:13PM -0400, Jason Lewis wrote:
Hmmmm....... Well how about something that does analysis on the tcpdump file to detect portscans? Maybe even something to correlate data once it is in ACID?
Uh.. I don't think you want to do that. You'd have to basically capture all your network traffic and stash it in the db and then have tools grovelling over it... you'd never catch up.. (Hmm. sounds like WebTr***s...) - -- Erik Fichtner Security Administrator, ServerVault, Inc. 703-333-5900 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7N6seQ7EzrewLMS0RAlXGAKDNYYIUSB3jcwE+35afId/GsKHBAACfQHUI 6zH4iQ9Pv/JVJEWjNFCpCKw= =T0Bz -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Tcpdump, alerts and portscans Jason Lewis (Jun 24)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Re: Tcpdump, alerts and portscans Phil Wood (Jun 25)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Re: Tcpdump, alerts and portscans Erik Fichtner (Jun 25)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Re: Tcpdump, alerts and portscans Erik Fichtner (Jun 25)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Re: Tcpdump, alerts and portscans Martin Roesch (Jun 25)
- Re: Tcpdump, alerts and portscans Phil Wood (Jun 25)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Re: Tcpdump, alerts and portscans Phil Wood (Jun 25)
- RE: Tcpdump, alerts and portscans Jason Lewis (Jun 25)
- Snort Install Doc Jason Lewis (Jun 25)
- RE: Snort Install Doc Stefan Dens (Jun 27)
- RE: Snort Install Doc Jason Lewis (Jun 27)