Snort mailing list archives
RE: Tuning a snort IDS
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Mon, 29 Jul 2002 09:45:19 -0400
Well... If you're looking for specifics, there's not much to be said without requiring you to post a very detailed network schematic to the Internet for comments. Tuning an IDS is obviously *very* instance-specific. And unfortunately there are far too many considerations to list in this type of forum. In my opinion, the best thing that you can do is get your hands on some good books about IP (and related protocols), Ethernet, and intrusion detection. TCP/IP Illustrated (Vol. 1) by Richard Stevens is a great (big) handbook to have around. And Network Intrusion Detection by Northcutt/Novak is one of the better texts on the subject. If you have a good grasp on network protocols and practical IDS operation, you'll have no problem understanding how you need to tune and test your system. Cheers Keith
-----Original Message----- From: Ashley Thomas [mailto:athomas () cc gatech edu] Sent: Friday, July 26, 2002 9:11 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Tuning a snort IDS hi all, Do you know if there is any document on tuning a snort IDS or in general for any IDS ? Please let me know. thanks ashley
------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Tuning a snort IDS Ashley Thomas (Jul 26)
- <Possible follow-ups>
- RE: Tuning a snort IDS McCammon, Keith (Jul 29)