Description
Book Synopsis

SNORT, the de facto standard among intrusion detection tools, can save countless headaches; the new SNORT Cookbook will save countless hours of trial and error. Each "recipe" offers a clear description of a gnarly problem, a concise but complete solution, and practical examples. It also showcases the best tips and tricks.
Table of Contents

Preface

1. Installation and Optimization
   1.1 Installing Snort from Source on Unix
   1.2 Installing Snort Binaries on Linux
   1.3 Installing Snort on Solaris
   1.4 Installing Snort on Windows
   1.5 Uninstalling Snort from Windows
   1.6 Installing Snort on Mac OS X
   1.7 Uninstalling Snort from Linux
   1.8 Upgrading Snort on Linux
   1.9 Monitoring Multiple Network Interfaces
   1.10 Invisibly Tapping a Hub
   1.11 Invisibly Sniffing Between Two Network Points
   1.12 Invisibly Sniffing 100 MB Ethernet
   1.13 Sniffing Gigabit Ethernet
   1.14 Tapping a Wireless Network
   1.15 Positioning Your IDS Sensors
   1.16 Capturing and Viewing Packets
   1.17 Logging Packets That Snort Captures
   1.18 Running Snort to Detect Intrusions
   1.19 Reading a Saved Capture File
   1.20 Running Snort as a Linux Daemon
   1.21 Running Snort as a Windows Service
   1.22 Capturing Without Putting the Interface into Promiscuous Mode
   1.23 Reloading Snort Settings
   1.24 Debugging Snort Rules
   1.25 Building a Distributed IDS (Plain Text)
   1.26 Building a Distributed IDS (Encrypted)

2. Logging, Alerts, and Output Plug-ins
   2.1 Logging to a File Quickly
   2.2 Logging Only Alerts
   2.3 Logging to a CSV File
   2.4 Logging to a Specific File
   2.5 Logging to Multiple Locations
   2.6 Logging in Binary
   2.7 Viewing Traffic While Logging
   2.8 Logging Application Data
   2.9 Logging to the Windows Event Viewer
   2.10 Logging Alerts to a Database
   2.11 Installing and Configuring MySQL
   2.12 Configuring MySQL for Snort
   2.13 Using PostgreSQL with Snort and ACID
   2.14 Logging in PCAP Format (TCPDump)
   2.15 Logging to Email
   2.16 Logging to a Pager or Cell Phone
   2.17 Optimizing Logging
   2.18 Reading Unified Logged Data
   2.19 Generating Real-Time Alerts
   2.20 Ignoring Some Alerts
   2.21 Logging to System Logfiles
   2.22 Fast Logging
   2.23 Logging to a Unix Socket
   2.24 Not Logging
   2.25 Prioritizing Alerts
   2.26 Capturing Traffic from a Specific TCP Session
   2.27 Killing a Specific Session

3. Rules and Signatures
   3.1 How to Build Rules
   3.2 Keeping the Rules Up to Date
   3.3 Basic Rules You Shouldn't Leave Home Without
   3.4 Dynamic Rules
   3.5 Detecting Binary Content
   3.6 Detecting Malware
   3.7 Detecting Viruses
   3.8 Detecting IM
   3.9 Detecting P2P
   3.10 Detecting IDS Evasion
   3.11 Countermeasures from Rules
   3.12 Testing Rules
   3.13 Optimizing Rules
   3.14 Blocking Attacks in Real Time
   3.15 Suppressing Rules
   3.16 Thresholding Alerts
   3.17 Excluding from Logging
   3.18 Carrying Out Statistical Analysis

4. Preprocessing: An Introduction
   4.1 Detecting Stateless Attacks and Stream Reassembly
   4.2 Detecting Fragmentation Attacks and Fragment Reassembly with Frag2
   4.3 Detecting and Normalizing HTTP Traffic
   4.4 Decoding Application Traffic
   4.5 Detecting Port Scans and Talkative Hosts
   4.6 Getting Performance Metrics
   4.7 Experimental Preprocessors
   4.8 Writing Your Own Preprocessor

5. Administrative Tools
   5.1 Managing Snort Sensors
   5.2 Installing and Configuring IDScenter
   5.3 Installing and Configuring SnortCenter
   5.4 Installing and Configuring Snortsnarf
   5.5 Running Snortsnarf Automatically
   5.6 Installing and Configuring ACID
   5.7 Securing ACID
   5.8 Installing and Configuring Swatch
   5.9 Installing and Configuring Barnyard
   5.10 Administering Snort with IDS Policy Manager
   5.11 Integrating Snort with Webmin
   5.12 Administering Snort with HenWen
   5.13 Newbies Playing with Snort Using EagleX

6. Log Analysis
   6.1 Generating Statistical Output from Snort Logs
   6.2 Generating Statistical Output from Snort Databases
   6.3 Performing Real-Time Data Analysis
   6.4 Generating Text-Based Log Analysis
   6.5 Creating HTML Log Analysis Output
   6.6 Tools for Testing Signatures
   6.7 Analyzing and Graphing Logs
   6.8 Analyzing Sniffed (Pcap) Traffic
   6.9 Writing Output Plug-ins

7. Miscellaneous Other Uses
   7.1 Monitoring Network Performance
   7.2 Logging Application Traffic
   7.3 Recognizing HTTP Traffic on Unusual Ports
   7.4 Creating a Reactive IDS
   7.5 Monitoring a Network Using Policy-Based IDS
   7.6 Port Knocking
   7.7 Obfuscating IP Addresses
   7.8 Passive OS Fingerprinting
   7.9 Working with Honeypots and Honeynets
   7.10 Performing Forensics Using Snort
   7.11 Snort and Investigations
   7.12 Snort as Legal Evidence in the U.S.
   7.13 Snort as Evidence in the U.K.
   7.14 Snort as a Virus Detection Tool
   7.15 Staying Legal

Index