Focus on IDS
Need help/info May 20 2009 10:25PM
ubernewbie (duppyconqueror33 gmail com) (4 replies)
Re: Need help/info May 25 2009 07:57PM
Joel Esler (eslerj gmail com)
Re: Need help/info May 25 2009 06:27PM
Richard Bejtlich (taosecurity gmail com) (1 replies)
Re: Need help/info May 26 2009 11:12AM
Stephen Mullins (steve mullins work gmail com)
Re: Need help/info May 23 2009 07:12PM
Stephen Mullins (steve mullins work gmail com) (2 replies)
Re: Need help/info May 25 2009 10:19PM
Fossett, Jeff S (Fossett Jeff con-way com)
Re: Need help/info May 25 2009 08:09PM
Tyrel McMahan (tyrel tyrel pl)
Might I recommend a book? "The TAO of Network Security Monitoring" by
Richard Bejtlich has been a great book for me. He is a big user of
Sguil (pronounced SQUEAL) and other tools using FreeBSD and open
source tools. I did an interview with him a while back and then
later read his book:

The book is ISBN 0-321-24677-2
Hope that helps, enjoy!

Tyrel McMahan
tyrel (at) tyrel (dot) pl [email concealed]
+48.697.770.444 (Warsaw, PL)

gpg Public Key:
555E C4FB 43C1 EDB5 A71F 9619 EB02 3E62 DEEE 7418

On 2009-05-23, at 21:12, Stephen Mullins wrote:

> All of the information you need is available on the web. Just google
> your way through this. At the end of it all you should be pretty well
> versed in Snort and associated tasks (sensor placement etc.).
> Have fun with it. I'm a little envious that you get to do this
> security build out from scratch. I have resorted to deploying Snort
> on my home network to get that experience. If you aren't set on an
> analysis front end yet I suggest Sguil, of which I am a big fan.
> Steve Mullins
> On Wed, May 20, 2009 at 6:25 PM, ubernewbie <duppyconqueror33 (at) gmail (dot) com [email concealed]> wrote:
>> I work for a small company with a hub/spoke network. I've been tasked with
>> setting up an IDS (Snort) to begin monitoring security related events and
>> basically build out a security program/infrastructure. Do any of you have
>> any good sites/forums that go into the process of intrusion detection? I can
>> get the alerts from Snort but there are so many that it's hard to make
>> heads or tails. I'm looking for ideas on what to look for and what to pay
>> specific attention to. Also any good websites that alert/explain new
>> vulnerabilities would be great. Any help would be appreciated.

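The original question quoted above is about drowning in Snort alerts and not knowing where to start. As an added example that is not part of the original thread and is not code from Snort or Sguil, the following Python script does the first triage pass a practitioner would run against Snort's alert_fast output: parse each line, count alerts per signature and per source/destination host, pull out the highest-priority events for review, and list signature/source pairs that fire repeatedly from one host (monitoring boxes, scanners, backup jobs) as candidate `suppress` lines for Snort's threshold.conf. The sample alert lines, the "LOCAL example" rule names and the SIDs 1000001 to 1000003 are constructed for this example; the regex assumes IPv4 addresses.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Layout of one Snort alert_fast line (IPv4 assumed; ports absent for ICMP):
# <ts>  [**] [gid:sid:rev] <msg> [**] [Classification: ..] [Priority: N] {PROTO} src:port -> dst:port
FAST_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.*?)\s+\[\*\*\]\s*'
    r'(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?'
    r'(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?'
    r'\{(?P<proto>\w+)\}\s+'
    r'(?P<src>[^\s:]+)(?::(?P<sport>\d+))?\s+->\s+'
    r'(?P<dst>[^\s:]+)(?::(?P<dport>\d+))?\s*$'
)

# Constructed sample alerts (not real Snort output); SIDs 1000001-1000003 are the
# local-rule range and the messages are invented for the example.
SAMPLE_ALERTS = """\
05/20-22:25:01.100000  [**] [1:1000001:1] LOCAL example: SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.168.1.10:22
05/20-22:25:02.200000  [**] [1:1000001:1] LOCAL example: SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51235 -> 192.168.1.10:22
05/20-22:25:03.300000  [**] [1:1000002:2] LOCAL example: ICMP echo from monitoring host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.250 -> 192.168.1.10
05/20-22:25:04.400000  [**] [1:1000002:2] LOCAL example: ICMP echo from monitoring host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.250 -> 192.168.1.11
05/20-22:25:05.500000  [**] [1:1000002:2] LOCAL example: ICMP echo from monitoring host [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.250 -> 192.168.1.12
05/20-22:25:06.600000  [**] [1:1000003:1] LOCAL example: outbound IRC connection [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.33:49152 -> 198.51.100.9:6667
this line is not a Snort alert and must be skipped, not crash the parser
"""


@dataclass
class Alert:
    ts: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: Optional[int]   # None when the rule carries no priority
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_fast(text: str) -> Tuple[List[Alert], int]:
    """Parse alert_fast text; returns (alerts, number of unparseable lines)."""
    alerts, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FAST_RE.match(line)
        if m is None:
            skipped += 1          # never let a malformed line kill the whole run
            continue
        g = m.groupdict()
        alerts.append(Alert(
            ts=g['ts'], gid=int(g['gid']), sid=int(g['sid']), rev=int(g['rev']),
            msg=g['msg'], classification=g['cls'] or '',
            priority=int(g['prio']) if g['prio'] else None, proto=g['proto'],
            src=g['src'], sport=int(g['sport']) if g['sport'] else None,
            dst=g['dst'], dport=int(g['dport']) if g['dport'] else None,
        ))
    return alerts, skipped


def summarize(alerts: List[Alert]):
    """Volume per signature and per host: the 'what is all this noise' view."""
    by_sig = Counter((a.gid, a.sid, a.msg) for a in alerts)
    by_src = Counter(a.src for a in alerts)
    by_dst = Counter(a.dst for a in alerts)
    return by_sig, by_src, by_dst


def triage(alerts: List[Alert], max_priority: int = 1) -> List[Alert]:
    """Alerts at or above a priority (Snort: 1 is most severe) for analyst review."""
    return [a for a in alerts if a.priority is not None and a.priority <= max_priority]


def suppress_candidates(alerts: List[Alert], min_count: int = 3) -> List[str]:
    """Signature/source pairs firing >= min_count times from one host, rendered as
    Snort threshold.conf 'suppress' lines. These are candidates for a human to
    confirm (known scanner, monitoring host), not something to apply blindly."""
    pairs = Counter((a.gid, a.sid, a.src) for a in alerts)
    return [f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}"
            for (gid, sid, src), n in sorted(pairs.items()) if n >= min_count]


if __name__ == "__main__":
    alerts, skipped = parse_fast(SAMPLE_ALERTS)
    by_sig, by_src, by_dst = summarize(alerts)
    print(f"{len(alerts)} alerts parsed, {skipped} lines skipped")
    for (gid, sid, msg), n in by_sig.most_common():
        print(f"{n:5d}  [{gid}:{sid}] {msg}")
    print("top sources:", by_src.most_common(3))
    print("review first:", [(a.ts, a.msg, a.src, a.dst) for a in triage(alerts)])
    print("suppress candidates:", suppress_candidates(alerts))
```

Run it against a real `alert` file (`python3 triage.py < /var/log/snort/alert`, after swapping `SAMPLE_ALERTS` for `sys.stdin.read()`) and the signature counts alone usually show that a handful of rules produce most of the volume; those go to threshold.conf or get tuned, and what remains is small enough to read, which is also the point at which a console like Sguil starts to pay off.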
Re: Need help/info May 21 2009 02:26PM
Alexandros Papadopoulos (apapadop alumni cmu edu)
Copyright 2010, SecurityFocus