Snort mailing list archives
RE: Spade/Spice and Snort?
From: "Michael Steele" <michaels () winsnort com>
Date: Mon, 3 Nov 2003 13:13:24 -0800
The CC thing is a quirky part of Outlook. I usually 'Reply to all' because if I just hit the 'reply' button, it only sends eMail to the user's address and not to the list.

The usefulness of spade has greatly diminished when it was no longer accepted and removed as a part of the Snort distribution. I'm sure the last update was working with 2.x. You can contact the programmer (Jim Hoagland) and he can verify this. I think his eMail is in the distribution.

Cheers...

-Michael Steele
--
System Engineer / Security Support Technician
mailto:michaels () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Matt Kettler
Sent: Monday, November 03, 2003 7:05 AM
To: Mark.Schutzmann () Omron com; Michael Steele
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Spade/Spice and Snort?

At 03:34 PM 11/2/2003, Mark.Schutzmann () Omron com wrote:
> Michael,
>
> Thanks for that. In fact, I have learned about Spade from SiliconDefense. Since this is a user group, I am actually asking for experiential comments.
>
> In knowing that Spade works on statistical anomalies, I am wondering if people are finding this to be as useful as it sounds, or whether it is just another tool to sort out FPs and whether it just adds overhead to Snort.

(dropping the undesirable cc to snort-users-admin () lists sourceforge net)

Personally, I successfully ran spade on a low-end hardware box so it's not very high overhead.. it's definitely MUCH lower overhead than the spp_conversation/spp_portscan2 pairing, which caused truly horrid packet drop rates on the same hardware (>10%, and I think it was over 20%).

I found that in general things like installing a p2p client on a host that previously did nothing but browse the web causes it to fire off quite a bit for a few days, but in general I found it to be fairly low on the false alarms.. I did have to turn a few of the default settings off to get a decent level of noise, but later versions of spade appeared to adopt the same settings as the default.

Unfortunately, it looks like there's no version of spade designed for snort 2.0.. the last version they released was 1/25/2003, and supported snort 1.9.0 (it works on 1.9.1 as well). It could possibly work with 2.0, but I've not tried it.

Given that Silicon Defense has sold their sentaurus product line to demarc, it's unclear if they are going to continue development of spade or not. It's kind of a shame I've not seen more active development of it.. it was a very useful plugin.

-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users