Snort mailing list archives

Re: [Snort-users] Ourmon


From: "Edward Fjellskål" <edwardfjellskaal () gmail com>
Date: Wed, 08 Dec 2010 21:36:07 +0100

Read some here:

http://www.gamelinux.org/?p=86

Questions can be mailed to: prads-users () projects linpro no

E


On 12/08/2010 09:22 PM, Andres Carrera wrote:
Hi,
Maybe you could give me some information about PRADS and how to use it,
because I've searched on the web, but without much luck. I haven't found
anything really important.
So now I'm pretty interested in knowing more about PRADS.

Please let us know about PRADS.

Regards,
Abdon Carrera Rivera


------------------------------------------------------------------------
From: Shawn.Jefferson () bcferries com
To: protoss_black88 () hotmail com; snort-devel () lists sourceforge net;
snort-users () lists sourceforge net
Date: Wed, 8 Dec 2010 10:04:07 -0700
Subject: RE: [Snort-users] Ourmon

The closest thing I’ve heard of to a “learning mode” with Snort is to
run PRADS to build your Host Attribute table, so that Snort knows what
OSes are running and what services on what ports are on your network.
The Host Attribute table applies to the stream and frag preprocessors,
as well as to some rules (i.e. http rules that can apply if you are
running a web server on a non-standard port).

 

------------------------------------------------------------------------

*From:* Andres Carrera [mailto:protoss_black88 () hotmail com]
*Sent:* Thursday, November 18, 2010 9:03 AM
*To:* snort-devel () lists sourceforge net; snort-users () lists sourceforge net
*Subject:* [Snort-users] Ourmon

 

Hi,
 
Can snort (any version) work with ourmon [http://ourmon.sourceforge.net/]?
Or is there something I can do to install snort and ourmon together?
Or maybe there is something very similar to ourmon that I can use with
snort?

I want to build a "snort learning machine" so it can study the traffic
from a network,
and then, with that learned mode finished, I want to begin a detection mode.

If somebody knows how to make a learning mode with snort, please
let us know about it.
 
Regards,
 
Abdon Carrera
 
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

