Snort Cookbook




Customer Reviews


Snort Cookbook 4 out of 5 based on 0 ratings. 1 reviews.
Guest More than 1 year ago
The core of this book is the chapter on Rules and Signatures. Snort is renowned for its rule language and its vast flexibility. It is a reasonably high level 'script' that seems more declarative than procedural. Ok, I'm speaking a little figuratively, but if you scan the rules, you might see what I mean. The chapter explains how to build rules of varying levels of complexity, depending on your needs. One neat trait is the profuse range of options for detecting traffic around the machine running Snort. Of course and inevitably, the default rules base has grown and it is regularly updated. Currently, these defaults number some 3000, and few sysadmins have the expertise to understand all of them. So one recipe tells you how to get and run an updater program (Oinkmaster). Though you are cautioned about letting it change your rules automatically. Other recipes expand upon the rule scope in interesting ways, like looking for p2p or Instant Messaging traffic. You might be responsible for a corporate network that bans these, perhaps. Here is a simple way to show a supervisor how you can stay on top of the problem.