Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>

BKIDWSAI.RVW 20030902

"Intrusion Detection with Snort", Rafeeq Ur Rehman, 2003, 0-13-140733-3, U$39.99/C$62.99
%A Rafeeq Ur Rehman
%C One Lake St., Upper Saddle River, NJ 07458
%D 2003
%G 0-13-140733-3
%I Prentice Hall
%O U$39.99/C$62.99 +1-201-236-7139 fax: +1-201-236-7131
%O http://www.amazon.com/exec/obidos/ASIN/0131407333/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0131407333/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0131407333/robsladesin03-20
%P 263 p.
%T "Intrusion Detection with Snort"

Chapter one is a very simple introduction to intrusion detection and Snort. Beginning with a brief look at topology, chapter two runs through an installation of Snort, but does not provide much in the way of explanation or recommendation at the various points. The coverage of Snort rule creation and syntax, in chapter three, is clear and reasonable, but could use more examples of malicious packets and how they might be identified. Chapter four does explain some exploit rules, in discussing preprocessors, but briefly, and then goes on to output options. Chapters five, six, and seven describe MySQL, ACID (Analysis Console for Intrusion Databases), and other tools for using Snort in conjunction with collected information.

This is a decent printed documentation for the system, but not much more.

copyright Robert M. Slade, 2003 BKIDWSAI.RVW 20030902

====================== (quote inserted randomly by Pegasus Mailer)
rslade@private slade@private rslade@private
My parents went to Llanfairpwllgwyngyllgogerychwyrndrobwllllandysiliogogogoch and all I got was this stupid coverall.
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade