Intrusion Detection with Snort by Jack Koziol

Gathering Intrusion Data

A powerful feature unique to Snort is its capability to gather data. Many commercial IDSs require the operator to specify in advance the rules for which data should be kept. An intrusion analyst's work is often nebulous; predicting what malicious hackers are going to throw at your network perimeter is next to impossible. The only solution is to save every payload that corresponds to suspicious traffic. Snort's creators realized this; hence Snort logs all payloads when possible.

Assessing Threats

The data contained in a payload is often a window into the mind of your attacker. To gauge a proper response to either a successful or attempted attack, it is imperative to determine the nature of your attacker. ...
