Snort mailing list archives
Help with Snort setup
From: sekure <sekure () gmail com>
Date: Tue, 14 Sep 2004 11:01:00 -0400
Is it just me or is the list getting more and more emails of the content: "I don't know Unix, or Windows, or networking, but I want to set up Snort, please help me."?

Pardon the stupid question, but even if after enlisting the help of everyone on the list you do manage to somehow get Snort up and running, what purpose can it possibly serve? All of the alerts generated are fairly complex and require at least some understanding of the underlying OS and networking technology to analyze them, not to mention separate false positives from the rest of the traffic, tune the rules, follow up on alerts, etc.

This is why I feel that the step by step guides are almost a disservice, they make Snort accessible to people who don't know what to do with it. And even the guides themselves generate a load of questions. I almost feel like there should be a variation on the amusement park sign: "You must know this much to run Snort"...

IDS is not a set it and forget it solution, and not a magic bullet. Just "setting up Snort" will not make you magically more secure. So unless you are willing to dedicate serious time to it, don't even bother. And if you are, search the archives, read the FAQ, search the archives, learn how to build from scratch, did I mention search the archives? Reading the rules to the Snort-Users Drinking Game wouldn't hurt either, you'll know the questions NOT to ask.

I digress....