Snort mailing list archives
Snort as Network Intrusion Detection system - Help Needed
From: "Sadanapalli, Pradeep Kumar (MED, TCS)" <Pradeep.Sadanapalli () med ge com>
Date: Tue, 4 Mar 2003 16:46:28 -0600
Hi Friends,

Presently we are using BlackICE agent on Windows as an Intrusion Detection System. Whatever port scans take place, it logs the events as per the configuration. Here is the brief configuration for it.

Back Tracing :
    Indirect Trace : Threshold = 3
        Enable DNSlookup
    Direct Trace : Threshold = 4
        Disable NetBIOS NodeStatus
Trusted Addresses : //nothing added yet for this
trust.myself = enabled
trust.issue = TRUST "RPC CALLIT ping"

Whenever it detects a scan on a port, it first tries to resolve the IP address via DNS Lookup. If the IP is resolved, it replaces the IP with the hostname and logs. If the IP is not resolved, it will not query back via NetBIOS, but just logs the event.

Now I would like to run SNORT as an Intrusion Detection System on my Linux Desktop running RedHat Linux 8.0 with snort-1.9.0. My Linux Box is in the LAN. I would also like to achieve the above functionality with snort.

Please help in achieving this. What should I configure in my snort.conf file? Do I need to edit the rules database? Any guidance is appreciated.

Thanks in advance..
Pradeep
Current thread:
- Snort as Network Intrusion Detection system - Help Needed Sadanapalli, Pradeep Kumar (MED, TCS) (Mar 04)
- Re: Snort as Network Intrusion Detection system - Help Needed Erek Adams (Mar 04)
- Re: Snort as Network Intrusion Detection system - Help Needed Paul Schmehl (Mar 04)
- Re: Snort as Network Intrusion Detection system - Help Needed Erek Adams (Mar 04)