Snort mailing list archives

Re: Traffic Analysis


From: gary.smith () ScottishAmicable co uk
Date: Sun, 9 Sep 2001 10:26:07 +0100

Greg:

I would recommend you get a hold of Stephen Northcutt's works 

Intrusion Detection Analysts Handbook (sorry don't have that to hand for the
ISBN)
Intrusion Signatures and Analysis ISBN:0-7357-1063-5

The second one in particular is superb and would give you an excellent start
in your project.  Most "classic" attacks are in it with snort output and
triggering rules etc.  

You should also check out http://www.sans.org/giac.htm

--Gary;

Message: 2
Date: Sat, 08 Sep 2001 14:19:42 -0400
From: Greg Sarsons <gsarsons () home com>
To: snort-users () lists sourceforge net
Subject: [Snort-users] traffic analysis

I'm working on a school project that will deal with traffic analysis ...
usage statistics, what traffic is being seen, unexpected traffic etc.

Does anyone have thoughts on using snort to accomplish this?



