This section serves as a concise introduction to the genres of suspicious traffic you will encounter when using Snort. It is by no means an attempt to be all-inclusive or technically detailed. There are numerous resources, both in print and online, related to suspicious traffic analysis. If you have yet to develop intensive signature analysis expertise, this section will help you roughly understand the different genres of attack and their associated intent.
Several phases in orchestrating an attack (see Figure 1.1) are generic enough that they apply to most network-based attacks. Whether hackers are randomly searching for systems or targeting a specific company, they follow a tried-and-true methodology.