Snort Cookbook


  • Angela Orebaugh, Simon Biles & Jacob Babbin
  • O'Reilly
  • 0596007914


Snort is deceptively simple to get started with. On many platforms, you don't even have to compile anything; you can get current binaries for Linux, Mac OS X and even Windows. Nor do many users have to bother with any configuration: the defaults are often perfectly suitable.



This book presents recipes for those who want to do more. I liked that it gave space to Windows, Linux and Mac issues, but I did find this a bit jumbled and disorganized. To some extent, that's the nature of "cookbook" style books, and it's not that there was no attempt at gathering these into major chapter sections like Installation, Logging, etc. I just felt it could have been done better.

I was also a bit disappointed with the coverage of rules in general. Rules are the heart of Snort and this book doesn't do a very good job explaining them. Snort rules aren't particularly difficult (see http://packetstormsecurity.nl/papers/IDS/snort_rules.htm for a good intro), and the authors probably just assumed that you are already at least somewhat familiar with them.

On the other hand, there are a lot of useful tips here. I was not previously aware of the "resp:" mechanism, which allows you to close off a session that Snort has identified. None of the rules included with Snort use that, and I must not have gotten that far in the docs, so this was news to me. I also was unaware of http://oinkmaster.sourceforge.net/ for rule updates; the Snort site doesn't mention that. There was more, but these two stand out in my memory.

If you are using Snort, this book might help you get more use out of it.








