Snort mailing list archives

Spade available via Snortenstein


From: James Hoagland <hoagland () SiliconDefense com>
Date: Thu, 10 Oct 2002 08:33:26 -0700


Greetings,

This message is for Linux Snort users (and for Snort users that have access to a Linux box). Spade version 021008.1 is now available via Snortenstein:

   http://sourceforge.net/projects/snortenstein/

It is in the snort_1_9/spade suite.

From the Snortenstein summary: "Snortenstein is an automated patching system for Snort. Snortenstein guides you through the process of choosing/selecting the patches you want to apply to Snort, and then automatically patches your local Snort source tree."

For those that don't know, Spade is a Snort add-on which gives Snort the ability to do statistical anomaly detection. That is, it enables Snort to find packets that are unusual relative to other packets on your network. This means that they may be suspicious, e.g., they are part of a portscan. Best of all, it's pretty fast and all you need to tell it about your network is what your network's IP ranges are.

To install Spade into Snort using Snortenstein:

1) Download and unpack the source distribution of Snort 1.9.0 if you haven't already.

   http://www.snort.org/dl/snort-1.9.0.tar.gz

2) Get Snortenstein following the 2 steps here:

   http://sourceforge.net/cvs/?group_id=57280

3) From your snort-1.9.0 directory, run Snortenstein's runme program with the argument 'snort_1_9/spade'.

   E.g., ../snortenstein/runme snort_1_9/spade

4) Type 'y' for both the packet-cloning and the Spade patch.

That's it.  Then just build Snort like normal.

Spade information is available from:

  http://www.silicondefense.com/software/spice/

(A Spade tarball is also available for download there.)

Thanks to Ben Feinstein for his work on Snortenstein and for making Spade available from it.

Best regards,

  Jim
--
|*      Jim Hoagland, Associate Researcher, Silicon Defense      *|
|*            --- Silicon Defense: IDS Solutions ---             *|
|*  hoagland () SiliconDefense com, http://www.silicondefense.com/  *|
|*   Voice: (530) 756-7317                 Fax: (530) 756-7297   *|

