Re: Snort noob questions

[Scott Bonar <sbonar () gmail com>]

Thanks.  I enabled the portscan preprocessor and ran the nmap command, 
but I am still not getting any alerts.
What am I missing?

Scott

On 04/21/2013 06:02 PM, Caleb Jaren wrote:
> If this helps, I've always used an nmap Xmas scan against a host in 
> the monitored segment. The scan (iirc) would be something like "nmap  
> -v -sX <target ip>".
>
> What Joel said re: clam vs. Snort.
>
> On Apr 19, 2013 1:43 PM, "Joel Esler" <jesler () sourcefire com 
> <mailto:jesler () sourcefire com>> wrote:
>
>     On Apr 19, 2013, at 3:56 PM, Scott Bonar <sbonar () gmail com
>     <mailto:sbonar () gmail com>> wrote:
>
> >     Hopefully some quick questions from a Snort 'noob'.
> >
> >     1) got Snort up and running but I was curious, what is the best
> >     way to
> >     test it?
>
>     Browse the internet for a bit!  ;)
>
>     No, really, maybe some metasploit, icmp traffic?  Something like that.
>
> >     2) what is the difference between ClamAV and Snort since it
> >     appears as
> >     if Snort has anti-virus/anti-spam/anti-phishing rules?
>
>     ClamAV operates on files, on end hosts.  Snort is a network
>     detection tool that watches traffic as it goes by and stops it (if
>     in IPS mode).  The detection is written by the same people at the
>     same time, so everything that Snort has a rule for ClamAV also has
>     a rule for.
>
>     --
>     *Joel Esler*
>     Senior Research Engineer, VRT
>     OpenSource Community Manager
>     Sourcefire
>
>
>     ------------------------------------------------------------------------------
>     Precog is a next-generation analytics platform capable of advanced
>     analytics on semi-structured data. The platform includes APIs for
>     building
>     apps and a phenomenal toolset for data science. Developers can use
>     our toolset for easy data analysis & visualization. Get a free
>     account!
>     http://www2.precog.com/precogplatform/slashdotnewsletter
>     _______________________________________________
>     Snort-users mailing list
>     Snort-users () lists sourceforge net
>     <mailto:Snort-users () lists sourceforge net>
>     Go to this URL to change user options or unsubscribe:
>     https://lists.sourceforge.net/lists/listinfo/snort-users
>     Snort-users list archive:
>     http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
>     Please visit http://blog.snort.org to stay current on all the
>     latest Snort news!

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!