Snort configuration -- Conclusion

This segment wraps up the Snort configuration tip.

In the next Snort Report we will see what sorts of activity Snort might detect given this limited configuration. In the Snort Report that follows we will explore Snort's new dynamic preprocessors (FTP, TELNET, SMTP, SSH, DCE-RPC and DNS) by adding them to the configuration file.


Snort: Understanding the configuration file

  Introduction: Upgrade to Snort 2.6.1.2
  The snort.conf file
  Defining IP ranges of interest
  Defining ports of interest
  Core preprocessors
  Non-dynamic preprocessors
 Conclusion

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.

This was first published in January 2007

Dig deeper on Network security products, technologies, services

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close