Snort mailing list archives

Re: [YOUTUBE] Teo En Ming's Snort IDS Sensor in Action


From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 08 Apr 2014 12:08:25 -0600

On 2014-04-08 11:41, Teo En Ming wrote:
Dear List,

Please go to YouTube and watch my video of Snort IDS sensor in action!
The YouTube link is as follows:

http://www.youtube.com/watch?v=NVqlxBJYUj4 [1]

Watch how I added an ICMP packet detection rule in icmp.rules, went to
http://grc.com [2] to port scan my public IP address, and the ICMP
packet snort rule firing off.

Dear Joel,

Could you publish my YouTube video on http://www.snort.org/docs [3]?

Dear James Lay,

Since my ICMP packet snort rule fired off when I initiated a port scan
against my public IP from http://grc.com [4], do you consider my Snort
IDS sensor to be fully operational?

Regards,

Teo En Ming

Teo,

I would consider that the core functionality of snort is working.  I 
would now go into the tuning phase...verify all private/public IPs that 
you own/manage are in HOME_NET...identify server ports in use and start 
adding them in (SMTP, HTTP, MSSQL, etc...).

James
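
The first tuning step in the reply above, checking that every address you own or manage falls inside HOME_NET, can be scripted. The following is an added example, not part of the original thread; the snort.conf excerpt, the address inventory and the function names are constructed for illustration, and nested or negated HOME_NET entries are rejected rather than evaluated.

```python
import ipaddress
import re

# Constructed snort.conf excerpt (Snort 2.x variable syntax, documentation addresses).
SAMPLE_CONF = """\
ipvar HOME_NET [192.168.1.0/24,203.0.113.10]  # sensor's protected networks
ipvar EXTERNAL_NET !$HOME_NET
ipvar SMTP_SERVERS $HOME_NET
portvar HTTP_PORTS [80,8080]
"""

# Constructed inventory of addresses the operator owns or manages.
OWNED = ["192.168.1.20", "203.0.113.10", "203.0.113.25", "10.0.5.7"]

HOME_NET_LINE = re.compile(r"^\s*(?:ipvar|var)\s+HOME_NET\s+(.+)$")


def parse_home_net(conf_text):
    """Return (is_any, networks) from the first HOME_NET line found."""
    for line in conf_text.splitlines():
        m = HOME_NET_LINE.match(line.split("#", 1)[0])  # drop trailing comment
        if not m:
            continue
        value = m.group(1).strip()
        if value.lower() == "any":
            return True, []
        nets = []
        for item in value.strip("[]").split(","):
            item = item.strip()
            if item.startswith(("!", "$", "[")):
                raise ValueError(f"entry not handled by this example: {item}")
            # strict=False accepts a bare host address as a /32 (or /128)
            nets.append(ipaddress.ip_network(item, strict=False))
        return False, nets
    raise ValueError("HOME_NET is not defined")


def audit(conf_text, owned):
    """Report whether HOME_NET is 'any' and which owned addresses it misses."""
    is_any, nets = parse_home_net(conf_text)
    missing = [] if is_any else [
        a for a in owned
        if not any(ipaddress.ip_address(a) in n for n in nets)]
    return {"home_net_any": is_any, "missing": missing}


if __name__ == "__main__":
    print(audit(SAMPLE_CONF, OWNED))
```

A `home_net_any` result of true means every address counts as home, so rules written as `$EXTERNAL_NET -> $HOME_NET` no longer distinguish direction; an empty `missing` list in that case says nothing about coverage.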
