Snort IDS tips for VARs a

Snort configuration -- Conclusion

In the next Snort Report we will see what sorts of activity Snort might detect given this limited configuration. In the Snort Report that follows we will explore Snort's new dynamic preprocessors (FTP, TELNET, SMTP, SSH, DCE-RPC and DNS) by adding them to the configuration file.


Snort: Understanding the configuration file

 Introduction: Upgrade to Snort 2.6.1.2
 The snort.conf file
 Defining IP ranges of interest
 Defining ports of interest
 Core preprocessors
 Non-dynamic preprocessors
 Conclusion

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.


This was first published in January 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: