Snort mailing list archives
RE: snort.org recommended reading? (was Re: General Snort Help!)
From: "Hicks, John" <JHicks () JUSTICE GC CA>
Date: Fri, 24 Jan 2003 10:01:29 -0500
The 2 following books from Stephen Northcutt et al (SANS/GIAC) are among my top recommendations, mainly because they focus on ID/IA, not just Snort. They go over logs from many devices as are usually found; however, they still provide most examples in Snort format as it's most common.

Intrusion Signatures and Analysis
http://www.amazon.com/exec/obidos/tg/detail/-/0735710635/ref=pd_bxgy_text_1/104-5618746-4066301?v=glance&s=books

Network Intrusion Detection (3rd Edition)
http://www.amazon.com/exec/obidos/tg/detail/-/0735712654/ref=pd_sim_books_1/104-5618746-4066301?v=glance&s=books

cheers,
John

-----Original Message-----
From: twig les [mailto:twigles () yahoo com]
Sent: Tuesday, January 21, 2003 11:36 PM
To: Erek Adams; Lorraine Cannavale
Cc: 'snort-users () lists sourceforge net'
Subject: snort.org recommended reading? (was Re: [Snort-users] General Snort Help!)

I was reading this message and thinking that maybe it would be a good idea for snort.org to have a little tab under the /docs page for recommended reading (books). I didn't want to suggest it since snort developers may not want to seem to endorse certain authors, but then Erek's reply named 4 books, the first 3 of which had popped into my head. Specifically the two Northcutts and the Stevens books. Just a thought.

--- Erek Adams <erek () snort org> wrote:
On Tue, 21 Jan 2003, Lorraine Cannavale wrote:

Hello, I am very new at the whole Intrusion Detection Process and especially snort. There is a network administrator here that has installed an IDS utilizing snort, etc and is responsible for maintaining the system. I was hired by the Security Administrator to help monitor the alerts on a daily basis, analyze the data, and help reduce the false positives. So, I have the easy job, but I'm having major difficulties understanding what the alerts actually mean and deciphering what is a false positive, true intrusion, or just an informational alert. I have read the Snort user manual, understand how to read the rules, and have found some information on the alerts, but it is still confusing to me. Can anyone recommend additional resources that would help me (books, on-line manuals, or web sites)? I've read emails from the Snort mailing list and this all seems to make a lot of sense to everyone else, I'm curious how you all obtained your knowledge and if there is anything you can share with me!?

[...snip...]

In my opinion, in order of need/usefulness:

TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens, ISBN 0201633469
Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt, ISBN 0735708681
Intrusion Signatures and Analysis by Stephen Northcutt, ISBN 0735710635
Intrusion Detection by Rebecca G. Bace, ISBN 1578701856

The rest.... Well, just get on a .edu network and learn. ;-)

Hope that's of some help!

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.
-----------------------------------------------------------