Snort as Network Intrusion Detection system - Help Needed

["Sadanapalli, Pradeep Kumar (MED, TCS)" <Pradeep.Sadanapalli () med ge com>]

Hi Friends,
Presently we are using BlackICE agent on windows as an Intrusion
Detection System.
Whatever port scans take place, it logs the events as per the
configuration.

Here is the brief configuration for it.

Back Tracing :
  Indirect Trace : Threshold = 3
  Enable DNSlookup
  Direct Trace : Threshold = 4
  Disable NetBIOS NodeStatus

  Trusted Addresses :
  //nothing added yet for this

  trust.myself = enabled
  trust.issue = TRUST "RPC CALLIT ping"

Whenever it detects a scan on a port, it first tries to resolve the IP
address vis DNS Lookup. If the IP is resolved,
it replaces the IP with the hostname and logs. 
If the IP is not resolved, it will not query back via NetBIOS, but just
logs the event.


Now I would like to run SNORT as an Intrusion Detection System on my
Linux Desktop running RedHat Linux 8.0
with snort-1.9.0 . My Linux Box is in the LAN.
I would also like to achieve the above functionality with snort. Please
help in achieving this .
What should I configure in my snort.conf file? Do I need to edit the
rules database?
Any guidance is appreciated.

Thanks in advance..

Pradeep


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users