[ISN] REVIEW: "Intrusion Detection with Snort", Rafeeq Ur Rehman

From: InfoSec News (isn@private)
Date: Tue Oct 14 2003 - 05:16:50 PDT


    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@private>
    
    BKIDWSAI.RVW   20030902
    
    "Intrusion Detection with Snort", Rafeeq Ur Rehman, 2003,
    0-13-140733-3, U$39.99/C$62.99
    %A   Rafeeq Ur Rehman
    %C   One Lake St., Upper Saddle River, NJ   07458
    %D   2003
    %G   0-13-140733-3
    %I   Prentice Hall
    %O   U$39.99/C$62.99 +1-201-236-7139 fax: +1-201-236-7131
    %O  http://www.amazon.com/exec/obidos/ASIN/0131407333/robsladesinterne
      http://www.amazon.co.uk/exec/obidos/ASIN/0131407333/robsladesinte-21
    %O   http://www.amazon.ca/exec/obidos/ASIN/0131407333/robsladesin03-20
    %P   263 p.
    %T   "Intrusion Detection with Snort"
    
    Chapter one is a very simple introduction to intrusion detection and
    Snort.  Beginning with a brief look at topology, chapter two runs
    through an installation of Snort, but does not provide much in the way
    of explanation or recommendation at the various points.  The coverage
    of Snort rule creation and syntax, in chapter three, is clear and
    reasonable, but could use more examples of malicious packets and how
    they might be identified.  Chapter four does explain some exploit
    rules, in discussing preprocessors, but briefly, and then goes on to
    output options.  Chapters five, six, and seven describe MySQL, ACID
    (Analysis Console for Intrusion Databases), and other tools for using
    Snort in conjunction with collected information.
    
    This is decent printed documentation for the system, but not much
    more.
    
    copyright Robert M. Slade, 2003   BKIDWSAI.RVW   20030902
    
    
    ======================  (quote inserted randomly by Pegasus Mailer)
    rslade@private      slade@private      rslade@private
                                 My parents went to
           Llanfairpwllgwyngyllgogerychwyrndrobwllllandysiliogogogoch
                       and all I got was this stupid coverall.
    http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


