Snort mailing list archives

Re: Tcpdump, alerts and portscans


From: Erik Fichtner <emf () servervault com>
Date: Mon, 25 Jun 2001 17:20:30 -0400


On Mon, Jun 25, 2001 at 05:02:13PM -0400, Jason Lewis wrote:
> Hmmmm.......  Well how about something that does analysis on the tcpdump
> file to detect portscans?  Maybe even something to correlate data once it is
> in ACID?

Uh.. I don't think you want to do that.  You'd have to basically capture all
your network traffic and stash it in the db and then have tools grovelling
over it... you'd never catch up..  (Hmm. sounds like WebTr***s...)

-- 
Erik Fichtner
Security Administrator, ServerVault, Inc.
703-333-5900

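As an added example (not code from this thread, from Snort or from ACID), here is the kind of offline analysis Jason asks about: parse a tcpdump/libpcap file and flag any source that touches many distinct ports on one host within a time window, the same "N ports in M seconds" shape as a portscan preprocessor, but run over a capture file after the fact. The pcap bytes, addresses and thresholds are constructed for the demonstration.

```python
import struct
from collections import defaultdict

def build_pcap(flows):
    """Build a minimal libpcap file (Ethernet/IPv4/TCP SYNs) from constructed
    (timestamp, src_ip, dst_ip, dst_port) tuples so the example runs offline."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # global header, DLT_EN10MB
    for ts, src, dst, dport in flows:
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)  # SYN
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp                 # zero MACs, ethertype IPv4
        out += struct.pack("<IIII", int(ts), int((ts % 1) * 1e6), len(frame), len(frame)) + frame
    return out

def iter_tcp(pcap):
    """Yield (ts, src_ip, dst_ip, dst_port) for every IPv4/TCP packet in a libpcap file."""
    endian = "<" if struct.unpack_from("<I", pcap, 0)[0] == 0xA1B2C3D4 else ">"
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                   # not Ethernet/IPv4/TCP
        ihl = (frame[14] & 0x0F) * 4
        if len(frame) < 14 + ihl + 4:
            continue                                   # header truncated by snaplen
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        dport = struct.unpack_from("!H", frame, 14 + ihl + 2)[0]
        yield sec + usec / 1e6, src, dst, dport

def detect_portscans(pcap, threshold=5, window=60.0):
    """Flag (src, dst) pairs that touch >= threshold distinct ports within `window`
    seconds: a sliding-window 'N ports in M seconds' heuristic run offline."""
    recent = defaultdict(list)                         # (src, dst) -> [(ts, dport), ...]
    alerts = set()
    for ts, src, dst, dport in iter_tcp(pcap):
        seen = recent[(src, dst)]
        seen.append((ts, dport))
        while seen and ts - seen[0][0] > window:       # drop packets outside the window
            seen.pop(0)
        if len({p for _, p in seen}) >= threshold:
            alerts.add((src, dst))
    return sorted(alerts)
```

A scan spread out so that fewer than `threshold` ports fall inside any one window is not flagged, which is exactly the slow-scan blind spot a fixed "N ports in M seconds" rule has on live traffic too.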
