May 2003
Intermediate to advanced
360 pages
10h 27m
English
A powerful feature unique to Snort is its capability to gather data. Many commercial IDSs require the operator to specify in advance which rules should have their data kept. An intrusion analyst's work is often nebulous; predicting what malicious hackers are going to throw at your network perimeter is next to impossible. The only solution is to save every payload that corresponds to suspicious traffic. Snort's creators realized this; hence Snort logs all payloads when possible.
The data contained in a payload is often a window into the mind of your attacker. To gauge a proper response to either a successful or attempted attack, it is imperative to determine the nature of your attacker. ...