Snort mailing list archives

Re: help!

From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 19 Apr 2002 16:37:17 -0700 (PDT)

On Sat, 20 Apr 2002, [gb2312] ?? ???? wrote:

Thank for your attention!But I really need the completed documents about
the classtype of snort.I hope you can help me!Just as "attempted-admin",
description is "Attempted Administrator Privilege Gain",I need more
information.Thanks again!!


I'm sorry, but since these classifications are arbitrary, there is _no_
docuemntation on them.  The idea is for these to be a baseline and for folks
to expand upon these as needed.

If you're looking for more info on "what's going on" then I suggest getting:

http://www.amazon.com/exec/obidos/ASIN/0735710082/qid=1019259371/sr=8-1/ref=sr_8_83_1/103-6014763-1078217

(Long line, may not wrap well...)

It explains a bit more how to understand and interpret your NIDS data.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

help! 李洪源 (Apr 18)
- Re: help! Erek Adams (Apr 18)
- <Possible follow-ups>
- Re: help! 李洪源 (Apr 19)
  - Re: help! Erek Adams (Apr 19)
  - Re: help! Erek Adams (Apr 19)