Snort mailing list archives
Traffic anomaly detection
From: Joerg Weber <j.weber () infos de>
Date: 12 Feb 2003 10:12:29 +0100
Ladies and Gentlemen,

We are currently using snort with quite some success (and fun, I might add). Now, I'm looking at SPADE and have no trouble finding traffic using unused IP addresses or dead ports, etc.

What I'm trying to implement is the detection of 'unusual' traffic, generated by an unknown worm, a warez server, etc. I assume this is possible with SPADE, could someone confirm this? If so, could someone share a config file and maybe some alert entry so I can parse my logs/db for similar entries?

Thanks a lot,
J. Weber

--
Joerg Weber
Network Security
InfoServe GmbH
Nell-Breuning-Allee 6
66115 Saarbrücken
T: 0681 - 88008 - 0
F: 0681 - 88008 - 33
Current thread:
- Traffic anomaly detection Joerg Weber (Feb 12)
- Re: Traffic anomaly detection Erek Adams (Feb 12)
- Re: Traffic anomaly detection Frank Knobbe (Feb 12)
- Re: Traffic anomaly detection James Hoagland (Feb 12)
- <Possible follow-ups>
- RE: Traffic anomaly detection Bob McDowell (Feb 12)
- RE: Traffic anomaly detection Williams Jon (Feb 13)
- RE: Traffic anomaly detection Erek Adams (Feb 13)
- Re: Traffic anomaly detection Erek Adams (Feb 12)