Snort mailing list archives

Re: Ourmon


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Wed, 8 Dec 2010 10:04:07 -0700

The closest thing I've heard of to a "learning mode" with Snort is to run PRADS to build your Host Attribute table, so that Snort knows what OSes are running and what services on what ports are on your network. The Host Attribute table applies to the stream and frag preprocessors, as well as to some rules (i.e. http rules that can apply if you are running a web server on a non-standard port).

________________________________
From: Andres Carrera [mailto:protoss_black88 () hotmail com]
Sent: Thursday, November 18, 2010 9:03 AM
To: snort-devel () lists sourceforge net; snort-users () lists sourceforge net
Subject: [Snort-users] Ourmon

Hi,

Can Snort (any version) work with ourmon [http://ourmon.sourceforge.net/]?
Or is there something I can do to install Snort and ourmon together?
Or maybe there is something very similar to ourmon that I can use with Snort?

I want to build a "snort learning machine" so, it can study the traffic from a network
and then with that learned mode finished, I want to begin a detection mode.

If somebody knows how to make a learning mode with Snort, please
let us know about it.

Regards,

Abdon Carrera
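
As an added illustration of the Host Attribute table mentioned in the reply (not code from either poster, PRADS, or the Snort project): the sketch below turns a learned host inventory into the XML layout described in the Snort 2.x manual. The inventory, its addresses and the function names are constructed for the example; check the element names against the manual for the Snort version in use.

```python
import xml.etree.ElementTree as ET

# Constructed inventory standing in for what a passive fingerprinting run
# (for example PRADS) learned about the network; all values are made up.
INVENTORY = [
    {"ip": "192.0.2.10", "os": "Linux", "policy": "linux",
     "services": [(8080, "tcp", "http"), (22, "tcp", "ssh")]},
    {"ip": "192.0.2.20", "os": "Windows", "policy": "windows",
     "services": [(445, "tcp", "netbios-ssn")]},
]

# Policy names valid for both the frag and the stream preprocessor.
KNOWN_POLICIES = {"first", "last", "bsd", "linux", "windows", "solaris"}

def attr(parent, tag, value, confidence=100):
    """Append <tag> holding an ATTRIBUTE_VALUE and a CONFIDENCE child."""
    node = ET.SubElement(parent, tag)
    ET.SubElement(node, "ATTRIBUTE_VALUE").text = str(value)
    ET.SubElement(node, "CONFIDENCE").text = str(confidence)

def build_attribute_table(inventory):
    """Return the <SNORT_ATTRIBUTES> element for the given hosts."""
    root = ET.Element("SNORT_ATTRIBUTES")
    table = ET.SubElement(root, "ATTRIBUTE_TABLE")
    for host in inventory:
        if host["policy"] not in KNOWN_POLICIES:
            raise ValueError(f"unknown policy for {host['ip']}: {host['policy']}")
        h = ET.SubElement(table, "HOST")
        ET.SubElement(h, "IP").text = host["ip"]
        os_node = ET.SubElement(h, "OPERATING_SYSTEM")
        attr(os_node, "NAME", host["os"])
        # Per-host reassembly behaviour for the frag and stream preprocessors.
        ET.SubElement(os_node, "FRAG_POLICY").text = host["policy"]
        ET.SubElement(os_node, "STREAM_POLICY").text = host["policy"]
        services = ET.SubElement(h, "SERVICES")
        for port, ipproto, protocol in host["services"]:
            if not 0 < port < 65536:
                raise ValueError(f"bad port for {host['ip']}: {port}")
            svc = ET.SubElement(services, "SERVICE")
            attr(svc, "PORT", port)
            attr(svc, "IPPROTO", ipproto)
            # PROTOCOL is the service name; "http" on 8080 is the
            # non-standard-port web server case from the reply.
            attr(svc, "PROTOCOL", protocol)
    return root

if __name__ == "__main__":
    root = build_attribute_table(INVENTORY)
    ET.indent(root)  # Python 3.9+
    print(ET.tostring(root, encoding="unicode"))
```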



