Snort mailing list archives

Re: This has real potential


From: "Crook, Parker" <Parker_Crook () reyrey com>
Date: Fri, 26 Feb 2010 16:59:17 -0500

Alex,



Thanks for putting the word out there; I was planning on announcing this over the weekend.  I guess word gets out 
quick... I was just looking over a large nmap dataset and its resultant XML file and noticed that currently you want to 
disable DNS resolution during your nmap scan (-n switch).  I should have some revised data up on the site and in the 
README over the weekend.



I hope everyone enjoys it, and let me know if you have any suggestions or notice any errors,

Parker



  _____

From: Alex Tatistcheff [mailto:alex.tatistcheff () gmail com]
Sent: Friday, February 26, 2010 3:37 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] This has real potential



There's a new Perl script on the block and it has HUGE potential to help Snort admins tune their installations.  You're 
probably aware of the host attribute table feature where you create an .XML file describing the hosts on your network, 
then feed that into Snort.  The key phrase here is "you create".  In the past this was a very labor-intensive process 
and could prove daunting if you have a large or fairly dynamic network.  Just recently Parker Crook (one sharp 
individual) has written a script to create this host attribute .XML file from output obtained from the nmap scanner.  
The script is new and could use some testing from the community.  However, the concept is sound and the value of 
automatically creating this file is significant.  It's mentioned in a blog at

http://global-security.blogspot.com/2010/02/hogging-snort-host-attribute-table.html

The project, which is called Hogger (what a cool name) is available on Google Code at http://code.google.com/p/hogger

Alex Tatistcheff
alext () pobox com
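
A minimal sketch of the nmap-to-host-attribute-table conversion discussed in this thread, added here as an example; it is not Hogger's code and is not from either poster. The element names follow the host attribute table layout documented in the Snort manual; the nmap XML input is constructed, and the OS-name-to-policy mapping and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed nmap -oX fragment (scan run with -n, so there are no <hostnames> entries).
NMAP_XML = """<nmaprun>
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh" conf="10"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http" conf="3"/></port></ports>
    <os><osmatch name="Linux 2.6.18" accuracy="96"/></os>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

# Assumed mapping from nmap OS name to a frag3/stream5 policy; unmatched names get "bsd".
POLICIES = (("linux", "linux"), ("windows", "windows"))

def leaf(parent, tag, text):
    ET.SubElement(parent, tag).text = str(text)

def valued(parent, tag, value, confidence):
    node = ET.SubElement(parent, tag)
    leaf(node, "ATTRIBUTE_VALUE", value)
    leaf(node, "CONFIDENCE", confidence)

def build_attribute_table(nmap_xml):
    root = ET.Element("SNORT_ATTRIBUTES")
    table = ET.SubElement(root, "ATTRIBUTE_TABLE")
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if host.find("status[@state='up']") is None or addr is None:
            continue  # skip hosts that are down or have no IPv4 address
        entry = ET.SubElement(table, "HOST")
        leaf(entry, "IP", addr.get("addr"))
        match = host.find("os/osmatch")  # first osmatch element, if OS detection ran
        name, acc = ("unknown", 0) if match is None else (match.get("name"), match.get("accuracy"))
        policy = next((p for key, p in POLICIES if key in name.lower()), "bsd")
        os_node = ET.SubElement(entry, "OPERATING_SYSTEM")
        valued(os_node, "NAME", name, acc)
        leaf(os_node, "FRAG_POLICY", policy)
        leaf(os_node, "STREAM_POLICY", policy)
        services = ET.SubElement(entry, "SERVICES")
        for port in host.iterfind("ports/port"):
            svc = port.find("service")
            if port.find("state[@state='open']") is None or svc is None:
                continue  # only open ports with an identified service
            node = ET.SubElement(services, "SERVICE")
            valued(node, "PORT", port.get("portid"), 100)
            valued(node, "IPPROTO", port.get("protocol"), 100)
            valued(node, "PROTOCOL", svc.get("name"), int(svc.get("conf", "0")) * 10)  # conf is 0-10
        if len(services) == 0:
            entry.remove(services)  # do not emit an empty SERVICES block
    return root
```

Serialize the result with `ET.tostring(build_attribute_table(NMAP_XML), encoding="unicode")` and review the generated policies and confidence values before loading the file into Snort.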


