Snort mailing list archives
Re: This has real potential
From: "Crook, Parker" <Parker_Crook () reyrey com>
Date: Fri, 26 Feb 2010 16:59:17 -0500
Alex, Thanks for putting the word out there; I was planning on announcing this over the weekend. I guess word gets out quick... I was just looking over a large nmap dataset and its resultant XML file and noticed that currently you want to disable DNS resolution during your nmap scan (-n switch). I should have some revised data up on the site and in the README over the weekend. I hope everyone enjoys it, and let me know if you have any suggestions or notice any errors, Parker _____ From: Alex Tatistcheff [mailto:alex.tatistcheff () gmail com] Sent: Friday, February 26, 2010 3:37 PM To: snort-users () lists sourceforge net Subject: [Snort-users] This has real potential There's a new Perl script on the block and it has HUGE potential to help Snort admins tune their installations. You're probably aware of the host attribute table feature where you create an .XML file describing the hosts on your network, then feed that into Snort. The key phrase here is "you create". In the past this was a very labor intensive process and could prove daunting if you have a large or fairly dynamic network. Just recently Parker Crook (one sharp individual) has written a script to create this host attribute .XML file from output obtained from the nmap scanner. The script is new and could use some testing from the community. However, the concept is sound and the value of automatically creating this file is significant. It's mentioned in a blog at http://global-security.blogspot.com/2010/02/hogging-snort-host-attribute-table.html The project, which is called Hogger (what a cool name) is available on Google Code at http://code.google.com/p/hogger Alex Tatistcheff alext () pobox com<mailto:alext () pobox com>
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- This has real potential Alex Tatistcheff (Feb 26)
- Re: This has real potential Crook, Parker (Feb 26)
- Re: This has real potential Edward Bjarte Fjellskål (Feb 26)