Snort is deceptively simple to get started with. On many platforms, you don't even have to compile anything; you can get current binaries for Linux, Mac OS X and even Windows. Nor do many users have to bother with any configuration: the defaults are often perfectly suitable.
This book presents recipes for those who want to do more. I liked that it gave space to Windows, Linux and Mac issues, but I did find this a bit jumbled and disorganized. To some extent, that's the nature of "cookbook" style books, and it's not that there was no attempt at gathering these into major chapter sections like Installation, Logging, etc. I just felt it could have been done better.
I was also a bit disappointed with the coverage of rules in general. Rules are the heart of Snort and this book doesn't do a very good job explaining them. Snort rules aren't particularly difficult (see http://packetstormsecurity.nl/papers/IDS/snort_rules.htm for a good intro), and the authors probably just assumed that you are already at least somewhat familiar with them.
On the other hand, there are a lot of useful tips here. I was not previously aware of the "resp:" mechanism which allows you to close off a session that Snort has identified. None of the rules included with Snort use that, and I must not have gotten that far in the docs, so this was news to me. I also was unaware of http://oinkmaster.sourceforge.net/ for rule updates; the Snort site doesn't mention that. There was more, but these two stand out in my memory.
If you are using Snort, this book might help you get more use out of it.
Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.
Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.