Linux Users' Group of Davis
Page last updated: 2003 May 12 20:06

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] Snort / Acid talk, May 14 at SacLUG


Can someone please confirm that this is the correct address for Exit Certified in Sacramento? Never been there before. Googled it and this is what I came up with. Correct?

Exit Certified
Authorized Sun Education Center
8950 Cal Center Drive, Suite 110, Bldg. 1
Sacramento, CA 95826


> ----- Forwarded message from Brian Lavender <brian@brie.com> -----
> Date: Tue, 15 Apr 2003 21:32:04 -0700
> From: Brian Lavender <brian@brie.com>
> Subject: [Lug-Nuts] Snort / Acid talk, May 14
> To: Lug Nuts <lug-nuts@saclug.org>
> Reply-To: lug-nuts@saclug.org
> Next SacLUG meeting for May.
> Patrick Southcott will do our next talk on May 14.
> When: May 14, 7 - 9pm
> Where: Exit Certified
> Who: Patrick Southcott
> What: Snort and Acid
> I will paste below what Patrick sent me. I am sure he will answer questions. I'll get the website updated shortly.
> brian
> ...some cut-n-paste to describe the idea.
> What is Snort?
> Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
> [http://www.freeos.com/articles/3496/]
> "Snort is a versatile, lightweight and very useful
> intrusion detection system."
> [http://freeos.com/articles/3404/]
> "There are various Intrusion Detection Systems available out there, to name a few good ones, Tripwire and Snort...
> The use of an IDS along with a Firewall provides an effective baseline level of security"
> [http://www.snort.org/docs/faq.html]
> 3.1 Q: How do I set up snort on a 'stealth' interface?
> A: Bring up the interface without an IP address on it.
> A: Use an ethernet tap, or build your own 'receive-only' ethernet cable.
>    Basically, 1 and 2 on the sniffer side are connected, 3 and 6 straight through to the LAN. 1 and 2 on the LAN side connect to 3 and 6 respectively. This fakes a link on both ends but only allows traffic from the LAN to the sniffer. It also causes the 'incoming' traffic to be sent back to the LAN, so this cable only works well on a hub.
> [http://is-it-true.org/fw/fwtips6.shtml]
> What is ACID?
> The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools. The features currently include:
> - Query-builder and search interface for finding alerts matching on alert meta information (e.g. signature, detection time) as well as the underlying network evidence (e.g. source/destination address, ports, payload, or flags).
> - Packet viewer (decoder) will graphically display the layer-3 and layer-4 packet information of logged alerts.
> - Alert management by providing constructs to logically group alerts to create incidents (alert groups), deleting the handled alerts or false positives, exporting to email for collaboration, or archiving of alerts to transfer them between alert databases.
> - Chart and statistics generation based on time, sensor, signature, protocol, IP address, TCP/UDP ports, or classification.
> -patrick
> -- 
> Brian Lavender
> http://www.brie.com/brian/
> _______________________________________________
> lug-nuts mailing list
> lug-nuts@saclug.org
> http://www.saclug.org/mailman/listinfo/lug-nuts
> ----- End forwarded message -----
> --
> bill@newbreedsoftware.com                           Hire me!
> http://newbreedsoftware.com/bill/
> http://newbreedsoftware.com/bill/resume/
> _______________________________________________
> vox mailing list
> vox@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox


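Patrick's summary above says Snort does content searching/matching and can spot stealth port scans. The following is an added example to illustrate those two ideas, not code from the original post, from Snort, or from ACID: a miniature Python detector that applies Snort-style content rules (pattern, destination port, case-insensitive flag) and a simple SYN-scan threshold to a handful of constructed packets. The Packet and Rule types, the rule SIDs and messages, the scan threshold and window, and every sample packet are assumptions made for illustration only.

```python
"""Miniature Snort-style detector over constructed packets (added example,
not Snort's code). Demonstrates two things the talk announcement mentions:
content matching against a payload and a stealth (SYN) port-scan heuristic."""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float          # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str         # TCP flags as letters: "S" = SYN only, "PA" = PSH+ACK
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    sid: int                 # hypothetical signature id
    msg: str
    dport: Optional[int]     # None means any destination port
    content: bytes           # byte pattern searched in the payload
    nocase: bool = False     # case-insensitive search, like Snort's 'nocase'


def match_rule(rule: Rule, pkt: Packet) -> bool:
    """True if the packet hits the rule's port filter and content pattern."""
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    hay, needle = pkt.payload, rule.content
    if rule.nocase:
        hay, needle = hay.lower(), needle.lower()
    return needle in hay


class PortScanDetector:
    """Reports a source that SYNs to more than `threshold` distinct ports on
    one destination within `window` seconds. Each (src, dst) pair is reported
    once so a long scan does not flood the alert log."""

    def __init__(self, threshold: int = 5, window: float = 2.0):
        self.threshold = threshold
        self.window = window
        self.seen = defaultdict(list)   # (src, dst) -> [(ts, dport), ...]
        self.reported = set()

    def feed(self, pkt: Packet) -> Optional[str]:
        if pkt.flags != "S":            # only bare SYNs count as probes
            return None
        key = (pkt.src, pkt.dst)
        cutoff = pkt.ts - self.window
        hist = [h for h in self.seen[key] if h[0] >= cutoff]  # expire old probes
        hist.append((pkt.ts, pkt.dport))
        self.seen[key] = hist
        ports = {p for _, p in hist}
        if len(ports) > self.threshold and key not in self.reported:
            self.reported.add(key)
            return f"portscan {pkt.src} -> {pkt.dst}: {len(ports)} ports in {self.window}s"
        return None


def run(rules: List[Rule], packets: List[Packet],
        scan: Optional[PortScanDetector] = None) -> List[Tuple[int, str, str, str]]:
    """Apply every rule to every packet and feed each packet to the scan
    detector; returns (sid, msg, src, dst) tuples, sid 0 for scan alerts."""
    if scan is None:
        scan = PortScanDetector()
    alerts = []
    for pkt in packets:
        for r in rules:
            if match_rule(r, pkt):
                alerts.append((r.sid, r.msg, pkt.src, pkt.dst))
        scan_msg = scan.feed(pkt)
        if scan_msg:
            alerts.append((0, scan_msg, pkt.src, pkt.dst))
    return alerts


# Hypothetical rules in the spirit of Snort's CGI, FTP and shellcode classes.
RULES = [
    Rule(1, "WEB-CGI phf access", 80, b"/cgi-bin/phf"),
    Rule(2, "SHELLCODE x86 NOP sled", None, b"\x90" * 8),
    Rule(3, "FTP anonymous login attempt", 21, b"USER anonymous", nocase=True),
]

# Constructed sample traffic: one clean request, one CGI probe, one anonymous
# FTP login, one NOP-sled payload, then seven SYNs from a single scanner.
SAMPLE = [
    Packet(1.0, "10.0.0.5", 40001, "192.0.2.10", 80, "PA", b"GET /index.html HTTP/1.0\r\n"),
    Packet(1.1, "10.0.0.5", 40002, "192.0.2.10", 80, "PA", b"GET /cgi-bin/phf?Qalias=x HTTP/1.0\r\n"),
    Packet(1.2, "10.0.0.9", 40003, "192.0.2.10", 21, "PA", b"user ANONYMOUS\r\n"),
    Packet(1.3, "10.0.0.9", 40004, "192.0.2.10", 21, "PA", b"A" * 20 + b"\x90" * 12 + b"\xcc"),
] + [
    Packet(2.0 + i / 10, "10.0.0.7", 50000 + i, "192.0.2.10", port, "S")
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 143])
]

if __name__ == "__main__":
    for sid, msg, src, dst in run(RULES, SAMPLE):
        print(f"[{sid}] {msg}  {src} -> {dst}")
```

Each call to run() builds a fresh PortScanDetector, so the scan state does not leak between runs. The scan alert fires on the sixth distinct port (threshold 5 means "more than five") and is then suppressed for that source/destination pair; the clean HTTP request and the scanner's seventh SYN produce nothing.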
LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617