Thursday, January 25, 2007

Snort Report 2 Posted

My second Snort Report has been posted. In this edition I talk about upgrading from an older version to 2.6.1.2, and then I begin discussing the snort.conf file.

I recommend reading the first Snort Report so you can follow along with my methodology. In the third article (to be posted next month) I describe the sorts of activity you can detect without using Snort rules or dynamic preprocessors. The idea behind this series of articles is to develop an intuitive understanding of Snort's capabilities, starting with the basics and progressing to more complicated topics.

2 comments:

Anonymous said...

Hi Richard, I want to ask you a question about pen testing: which live Linux CD do you prefer for pen testing? Pentoo, BackTrack, or another distribution? What is the best?

Richard Bejtlich said...

Hi anonymous,

I don't do pen testing regularly, so I don't have an opinion. :)