Snort mailing list archives

Re: Snort noob questions


From: Joel Esler <jesler () sourcefire com>
Date: Fri, 19 Apr 2013 16:39:26 -0400

On Apr 19, 2013, at 3:56 PM, Scott Bonar <sbonar () gmail com> wrote:

> Hopefully some quick questions from a Snort 'noob'.
>
> 1) got Snort up and running but I was curious, what is the best way to
> test it?

Browse the internet for a bit!  ;)

No, really, maybe some Metasploit, ICMP traffic?  Something like that.

> 2) what is the difference between ClamAV and Snort since it appears as
> if Snort has anti-virus/anti-spam/anti-phishing rules?

ClamAV operates on files, on end hosts.  Snort is a network detection tool that watches traffic as it goes by and stops 
it (if in IPS mode).  The detection is written by the same people at the same time, so everything that Snort has a rule 
for, ClamAV also has a rule for.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
