LinuxWorld.com: Protecting your network with Snort
Nov 01, 2001, 12:57 (0 Talkback[s])
(Other stories by Joshua Drake)
"The following article does not cover Snort in great
detail. Snort is a large program in terms of its available options,
and would take several articles to cover comprehensively. Instead,
here is a brief overview of the program, and some of its options.
After a quick review of the above alert log excerpt, I was able
to determine easily that Snort did indeed pick up my port scan from
nmap. This is an excellent first step in noticing intrusion to the
system.
After further review, I found that if you run Snort without any
options, you are running in Packet Logger Mode. The packet logger
mode will log all of the packet information to the log directory,
and unless you enjoy reading lots of TCP/IP packet information, I
don't suggest this option. Also, if you would like to see a summary
of traffic on the network in real time, you can use the -v option.
The -v option will print all TCP/IP headers to the screen."
Complete
Story
Related Stories:
- Federal Computing Week: Spotting mischief
(Sep 30, 2001)
- LinuxFocus.org: Psionic Portsentry 1.1, the defender of the ports
(Sep 08, 2001)
- LinuxSecurity.com: Snort 1.8 now available(Aug 15, 2001)
- O'Reilly Network: Tools of the Trade: Part 3(Jul 29, 2001)
- O'Reilly Network: Tools of the Trade (tcpdump, tripwire)(Jul 14, 2001)
- Linux Journal: PortSentry(Jul 14, 2001)
- Linux.com: Introduction to Port Scanning(Jun 07, 2001)
- LinuxWorld: Understanding stealth scans: Forewarned is forearmed(Mar 22, 2001)
