Snort mailing list archives
Re: Books, URLS, Info On Reading & Understanding Snort Alerts
From: Erek Adams <erek () snort org>
Date: Tue, 22 Jul 2003 07:52:02 -0400 (EDT)
On Mon, 21 Jul 2003, Steve Nutt wrote:
> I am trying to better understand how one would research and determine what is actually happening with the network alerts. I have snort and snortsnarf. I get activity but I don't have a clue about how to go about validating the actual alert. Does someone have a good site, book, magazine, class, user group etc. that will point me in the direction to acquire the knowledge to understand my alerts? I get an alert and GFI but spend hours reading about someone else's attempts to understand the same thing.
Check the "Required Reading" section of the FAQ [0]. #1.4 The 'IDS' book section is what you really need to understand things.

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

[0] http://www.snort.org/docs/FAQ.txt