Page last updated:
2003 Apr 16 08:16

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

[vox] Snort / Acid talk, May 14 at SacLUG

----- Forwarded message from Brian Lavender <brian@brie.com> -----

Date: Tue, 15 Apr 2003 21:32:04 -0700
From: Brian Lavender <brian@brie.com>
Subject: [Lug-Nuts] Snort / Acid talk, May 14
To: Lug Nuts <lug-nuts@saclug.org>
Reply-To: lug-nuts@saclug.org

Next SacLUG meeting for May.

Patrick Southcott will do our next talk on May 14.

When: May 14, 7 - 9pm
Where: Exit Certified
Who: Patrick Southcott
What: Snort and Acid

I will paste below what Patrick sent me. I am sure
he will answer questions. I'll get the website
updated shortly.


...some cut-n-paste to describe the idea.

What is Snort?
Snort is an open source network intrusion detection
system, capable of performing real-time traffic
analysis and packet logging on IP networks. It can
perform protocol analysis, content searching/matching
and can be used to detect a variety of attacks and
probes, such as buffer overflows, stealth port scans,
CGI attacks, SMB probes, OS fingerprinting attempts,
and much more. 

"Snort is a versatile, lightweight and very useful
intrusion detection system."

"There are various Intrusion Detection Systems
available out there, to name a few good ones, Tripwire
and Snort...
The use of an IDS along with a Firewall provides an
effective baseline level of security"

3.1 --faq-- --snort-- --faq-- --snort--
Q: How do I setup snort on a 'stealth' interface?
A: Bring up the interface without an IP address on it.
A: Use an ethernet tap, or build your own 'receive-only' ethernet cable.
   Basically, 1 and 2 on the sniffer side are connected, 3 and 6 straight
   through to the LAN. 1 and 2 on the LAN side connect to 3 and 6
   respectively. This fakes a link on both ends but only allows traffic
   from the LAN to the sniffer. It also causes the 'incoming' traffic to
   be sent back to the LAN, so this cable only works well on a hub.

What is ACID?
Analysis Console for Intrusion Databases (ACID) 
The Analysis Console for Intrusion Databases (ACID) is
a PHP-based analysis engine to search and process a
database of security events generated by various
IDSes, firewalls, and network monitoring tools. The
features currently include: 

- Query-builder and search interface for finding
alerts matching on alert meta information (e.g.
signature, detection time) as well as the underlying
network evidence (e.g. source/destination address,
ports, payload, or flags). 
- Packet viewer (decoder) will graphically display the
layer-3 and layer-4 packet information of logged
- Alert management by providing constructs to
logically group alerts to create incidents (alert
groups), deleting the handled alerts or false
positives, exporting to email for collaboration, or
archiving of alerts to transfer them between alert
- Chart and statistics generation based on time,
sensor, signature, protocol, IP address, TCP/UDP
ports, or classification


Brian Lavender
lug-nuts mailing list

----- End forwarded message -----

bill@newbreedsoftware.com                                            Hire me!
http://newbreedsoftware.com/bill/    http://newbreedsoftware.com/bill/resume/
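The ACID feature list in the forwarded message (query-builder search, alert grouping into incidents, statistics by signature, source address, protocol and port) is easiest to understand by doing the same thing on a handful of alerts. The script below is an added example written for this archive page; it is not code from the post, from Snort or from ACID. It assumes Snort 2.x "alert_fast" output lines, the sample lines and SIDs in the 1000001+ local range are constructed for the example, and grouping incidents automatically by (source address, signature id) is a stand-in for the alert groups an ACID user would build by hand.

```python
"""Parse Snort alert_fast lines and summarise them the way an ACID console would.
Added example for the LUGOD/SacLUG announcement page; all sample data is constructed."""
import re
from collections import Counter, defaultdict

# Snort 2.x alert_fast line. Ports are absent for ICMP, and the
# [Classification: ...] block is optional, so both are optional groups.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (private addresses, local-rule SIDs); the last
# line is deliberately not an alert so the parser's rejection path is exercised.
SAMPLE_ALERTS = """\
04/15-21:32:04.101 [**] [1:1000001:1] EXAMPLE WEB-CGI probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:44321 -> 192.168.1.10:80
04/15-21:32:05.220 [**] [1:1000001:1] EXAMPLE WEB-CGI probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.5:44322 -> 192.168.1.10:80
04/15-21:33:10.007 [**] [1:1000002:2] EXAMPLE SCAN stealth port scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.7:5555 -> 192.168.1.10:22
04/15-21:34:00.500 [**] [1:1000003:1] EXAMPLE ICMP echo sweep [**] [Priority: 3] {ICMP} 10.0.0.7 -> 192.168.1.10
this line is not an alert and is skipped
"""


def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not an alert_fast record."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        d[k] = int(d[k])
    for k in ("sport", "dport"):
        d[k] = int(d[k]) if d[k] is not None else None
    return d


def parse_alerts(text):
    """Parse every line of an alert file, silently dropping non-alert lines."""
    return [a for a in (parse_alert(ln) for ln in text.splitlines()) if a]


def search(alerts, **criteria):
    """Query-builder style filter: keep alerts where every given field equals the value."""
    return [a for a in alerts if all(a.get(k) == v for k, v in criteria.items())]


def statistics(alerts):
    """The counts ACID charts: by signature, source address, protocol/port and priority."""
    return {
        "by_signature": Counter(a["msg"] for a in alerts),
        "by_source": Counter(a["src"] for a in alerts),
        "by_proto_dport": Counter((a["proto"], a["dport"]) for a in alerts),
        "by_priority": Counter(a["prio"] for a in alerts),
    }


def group_incidents(alerts):
    """Group alerts into incidents keyed by (source address, signature id).
    Assumption for this example: ACID's alert groups are built by the analyst;
    grouping on source and SID is a simple automatic approximation."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a["src"], a["sid"])].append(a["ts"])
    return dict(groups)


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print(f"{len(alerts)} alerts parsed")
    for name, counter in statistics(alerts).items():
        print(name, dict(counter))
    for key, times in group_incidents(alerts).items():
        print("incident", key, "->", len(times), "alerts")
```

The search and statistics functions work on the parsed dicts, so the same code serves an ACID-style web front end or a one-off command-line report; swapping `SAMPLE_ALERTS` for the contents of a real alert file is the only change needed to run it on a sensor's output.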