Text
Snort cookbook
Table of Contents
Chapter 1 Installation and Optimization
Introduction
Installing Snort from Source on Unix
Installing Snort Binaries on Linux
Installing Snort on Solaris
Installing Snort on Windows
Uninstalling Snort from Windows
Installing Snort on Mac OS X
Uninstalling Snort from Linux
Upgrading Snort on Linux
Monitoring Multiple Network Interfaces
Invisibly Tapping a Hub
Invisibly Sniffing Between Two Network Points
Invisibly Sniffing 100 MB Ethernet
Sniffing Gigabit Ethernet
Tapping a Wireless Network
Positioning Your IDS Sensors
Capturing and Viewing Packets
Logging Packets That Snort Captures
Running Snort to Detect Intrusions
Reading a Saved Capture File
Running Snort as a Linux Daemon
Running Snort as a Windows Service
Capturing Without Putting the Interface into Promiscuous Mode
Reloading Snort Settings
Debugging Snort Rules
Building a Distributed IDS (Plain Text)
Building a Distributed IDS (Encrypted)
Chapter 2 Logging, Alerts, and Output Plug-ins
Introduction
Logging to a File Quickly
Logging Only Alerts
Logging to a CSV File
Logging to a Specific File
Logging to Multiple Locations
Logging in Binary
Viewing Traffic While Logging
Logging Application Data
Logging to the Windows Event Viewer
Logging Alerts to a Database
Installing and Configuring MySQL
Configuring MySQL for Snort
Using PostgreSQL with Snort and ACID
Logging in PCAP Format (TCPDump)
Logging to Email
Logging to a Pager or Cell Phone
Optimizing Logging
Reading Unified Logged Data
Generating Real-Time Alerts
Ignoring Some Alerts
Logging to System Logfiles
Fast Logging
Logging to a Unix Socket
Not Logging
Prioritizing Alerts
Capturing Traffic from a Specific TCP Session
Killing a Specific Session
Chapter 3 Rules and Signatures
Introduction
How to Build Rules
Keeping the Rules Up to Date
Basic Rules You Shouldn't Leave Home Without
Dynamic Rules
Detecting Binary Content
Detecting Malware
Detecting Viruses
Detecting IM
Detecting P2P
Detecting IDS Evasion
Countermeasures from Rules
Testing Rules
Optimizing Rules
Blocking Attacks in Real Time
Suppressing Rules
Thresholding Alerts
Excluding from Logging
Carrying Out Statistical Analysis
Chapter 4 Preprocessing: An Introduction
Introduction
Detecting Stateless Attacks and Stream Reassembly
Detecting Fragmentation Attacks and Fragment Reassembly with Frag2
Detecting and Normalizing HTTP Traffic
Decoding Application Traffic
Detecting Port Scans and Talkative Hosts
Getting Performance Metrics
Experimental Preprocessors
Writing Your Own Preprocessor
Chapter 5 Administrative Tools
Introduction
Managing Snort Sensors
Installing and Configuring IDScenter
Installing and Configuring SnortCenter
Installing and Configuring Snortsnarf
Running Snortsnarf Automatically
Installing and Configuring ACID
Securing ACID
Installing and Configuring Swatch
Installing and Configuring Barnyard
Administering Snort with IDS Policy Manager
Integrating Snort with Webmin
Administering Snort with HenWen
Newbies Playing with Snort Using EagleX
Chapter 6 Log Analysis
Introduction
Generating Statistical Output from Snort Logs
Generating Statistical Output from Snort Databases
Performing Real-Time Data Analysis
Generating Text-Based Log Analysis
Creating HTML Log Analysis Output
Tools for Testing Signatures
Analyzing and Graphing Logs
Analyzing Sniffed (Pcap) Traffic
Writing Output Plug-ins
Chapter 7 Miscellaneous Other Uses
Introduction
Monitoring Network Performance
Logging Application Traffic
Recognizing HTTP Traffic on Unusual Ports
Creating a Reactive IDS
Monitoring a Network Using Policy-Based IDS
Port Knocking
Obfuscating IP Addresses
Passive OS Fingerprinting
Working with Honeypots and Honeynets
Performing Forensics Using Snort
Snort and Investigations
Snort as Legal Evidence in the U.S.
Snort as Evidence in the U.K.
Snort as a Virus Detection Tool
Staying Legal
Availability
Detail Information
- Series Title
-
--
- Call Number
-
005.8 ORE s
- Publisher
- California : O'Reilly Media., 2005
- Collation
-
xiii, 270 hal.; ilus.; 24 cm
- Language
-
English
- ISBN/ISSN
-
0596007914
- Classification
-
005.8
- Content Type
-
-
- Media Type
-
-
- Carrier Type
-
-
- Edition
-
1st edition
- Subject(s)
- Specific Detail Info
-
--
- Statement of Responsibility
-
Angela Orebaugh, Simon Biles and Jacob Babbin
Other version/related
No other version available
File Attachment
Comments
You must be logged in to post a comment
Computer Science, Information & General Works 
Philosophy & Psychology 
Religion 
Social Sciences 
Language 
Pure Science 
Applied Sciences 
Art & Recreation 
Literature 
History & Geography