Re: Snort/Hogwash help

From: Michael Boman (michael.boman@securecirt.com)
Date: 11/29/01


Message-Id: <200111290229.fAT2SvK04577@terminalserver.lan.securecirt.com>
From: Michael Boman <michael.boman@securecirt.com>
To: "Thomas Madhavan" <tmadhavan@ntlworld.com>, <security-basics@security-focus.com>
Subject: Re: Snort/Hogwash help
Date: Thu, 29 Nov 2001 10:28:48 +0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 27 November 2001 16:00, Thomas Madhavan wrote:
> Hi guys,
>
> I'm a pretty new user to Linux, and I want to set up some sort of
> protection for my box. I have snort installed and I'm looking for rulesets
> - the problem I have is this:
>
> When I run snort, it runs in a terminal. How exactly do I set snort to just
> run in the background, collecting unusual packets? I'm sure there must be a
> way.
>
> Also, is Hogwash a suitable tool to use instead of/as well as snort? I need
> something that is relatively simple but also effective.
>
> Regards,
>
> Thomas Madhavan

./snort -D

Also well explained in the snort documentation.

Michael Boman

- --
Michael Boman Mobile: +65 96942601 750C Chai Chee Road
Security Architect Phone : +65 243 6800 #04-01
SecureCiRT Fax : +65 441 5119 Singapore 469003
http://www.securecirt.com mailto:michael.boman@securecirt.com

GnuPG: FA4E C6CC B73E 320E 3349 C64F 76CE 5F40 98AB 689C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8BZ1ods5fQJiraJwRAk7tAJ44JdzfyE2InFFaCAU7NEVX3sID6gCg1qCO
Bk3ATb23n6GG80anGwzFGEc=
=lMeY
-----END PGP SIGNATURE-----


