[vox] Snort / Acid talk, May 14 at SacLUG

Nathan Johanson vox@lists.lugod.org
Mon, 12 May 2003 19:21:18 -0700 (PDT)


Can someone please confirm that this is the correct
address for Exit Certified in Sacramento? Never been
there before. Googled it and this is what I came up
with. Correct?

Exit Certified
Authorized Sun Education Center
8950 Cal Center Drive,Suite 110, Bldg. 1
Sacramento, CA 95826 

Nathan

> ----- Forwarded message from Brian Lavender
> <brian@brie.com> -----
> 
> Date: Tue, 15 Apr 2003 21:32:04 -0700
> From: Brian Lavender <brian@brie.com>
> Subject: [Lug-Nuts] Snort / Acid talk, May 14
> To: Lug Nuts <lug-nuts@saclug.org>
> Reply-To: lug-nuts@saclug.org
> 
> Next SacLUG meeting for May.
> 
> Patrick Southcott will do our next talk on May 14.
> 
> When: May 14, 7 - 9pm
> Where: Exit Certified
> Who: Patrick Southcott
> What: Snort and Acid
> 
> I will paste below what Patrick sent me. I am sure
> he will answer questions. I'll get the website
> updated shortly.
> 
> brian
> 
> ...some cut-n-paste to describe the idea.
> 
> --------------------[http://www.snort.org/about.html]
> What is Snort?
> Snort is an open source network intrusion detection
> system, capable of performing real-time traffic
> analysis and packet logging on IP networks. It can
> perform protocol analysis, content searching/matching
> and can be used to detect a variety of attacks and
> probes, such as buffer overflows, stealth port scans,
> CGI attacks, SMB probes, OS fingerprinting attempts,
> and much more.
> 
> [http://www.freeos.com/articles/3496/]
> "Snort is a versatile, lightweight and very useful
> intrusion detection system."
> 
> [http://freeos.com/articles/3404/]
> "There are various Intrusion Detection Systems
> available out there, to name a few good ones,
> Tripwire and Snort...
> The use of an IDS along with a Firewall provides an
> effective baseline level of security"
> 
> [http://www.snort.org/docs/faq.html]
> 3.1 --faq-- --snort-- --faq-- --snort--
> Q: How do I set up snort on a 'stealth' interface?
> A: Bring up the interface without an IP address on it.
> A: Use an ethernet tap, or build your own
> 'receive-only' ethernet cable.
>    Basically, 1 and 2 on the sniffer side are connected,
>    3 and 6 straight through to the LAN. 1 and 2 on the
>    LAN side connect to 3 and 6 respectively. This fakes
>    a link on both ends but only allows traffic from the
>    LAN to the sniffer. It also causes the 'incoming'
>    traffic to be sent back to the LAN, so this cable
>    only works well on a hub.
> 
> ------------------------------------------------------
> [http://is-it-true.org/fw/fwtips6.shtml]
> [http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html]
> What is ACID?
> Analysis Console for Intrusion Databases (ACID) 
> The Analysis Console for Intrusion Databases (ACID) is
> a PHP-based analysis engine to search and process a
> database of security events generated by various
> IDSes, firewalls, and network monitoring tools. The
> features currently include:
> 
> - Query-builder and search interface for finding
>   alerts matching on alert meta information (e.g.
>   signature, detection time) as well as the underlying
>   network evidence (e.g. source/destination address,
>   ports, payload, or flags).
> - Packet viewer (decoder) will graphically display the
>   layer-3 and layer-4 packet information of logged
>   alerts.
> - Alert management by providing constructs to
>   logically group alerts to create incidents (alert
>   groups), deleting the handled alerts or false
>   positives, exporting to email for collaboration, or
>   archiving of alerts to transfer them between alert
>   databases.
> - Chart and statistics generation based on time,
>   sensor, signature, protocol, IP address, TCP/UDP
>   ports, or classification.
> ------------------------------------------------------
> 
> -patrick
> 
> 
> -- 
> Brian Lavender
> http://www.brie.com/brian/
> _______________________________________________
> lug-nuts mailing list
> lug-nuts@saclug.org
> http://www.saclug.org/mailman/listinfo/lug-nuts
> 
> ----- End forwarded message -----
> 
> -- 
> bill@newbreedsoftware.com                           
>                 Hire me!
> http://newbreedsoftware.com/bill/   
> http://newbreedsoftware.com/bill/resume/
> _______________________________________________
> vox mailing list
> vox@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox
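The Snort FAQ excerpt forwarded above says to run the sensor on an interface with no IP address. Below is an added example of what that looks like on a Linux box, plus a check that the interface really is silent; it is not from the original message, the talk, or the Snort project. It assumes iproute2 (`ip`) rather than the `ifconfig` syntax of 2003, an interface named eth1, Snort 2.x command-line flags, and the paths /etc/snort/snort.conf and /var/log/snort. The `ip addr` text used for the check in the usage note is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: bring up a Linux "stealth" capture interface for Snort
# (no IP address, no ARP, promiscuous mode) and verify it before sniffing.
# Interface name, paths and Snort flags are assumptions, not from the page.
set -eu

# Configure the capture interface. Needs root. The interface ends up with no
# IPv4 or IPv6 address and never answers ARP, so nothing on the LAN can
# address the sensor through it (the software equivalent of the FAQ's
# receive-only cable, minus the physical guarantee).
stealth_up() {
    iface="$1"
    ip link set dev "$iface" up
    ip link set dev "$iface" promisc on        # capture every frame, not just ours
    ip link set dev "$iface" arp off           # never reply to ARP
    ip -4 addr flush dev "$iface"              # drop any IPv4 address
    # Without this the kernel still auto-assigns an fe80:: link-local address
    # and will answer neighbour discovery on it.
    sysctl -w "net.ipv6.conf.$iface.disable_ipv6=1" >/dev/null
}

# Check the text of `ip addr show dev IFACE` (read from stdin) for the
# properties a stealth interface must have: no inet/inet6 address, PROMISC
# and NOARP set. Prints each failure; returns 0 only when all hold.
check_stealth() {
    text=$(cat)
    ok=0
    if printf '%s\n' "$text" | grep -q '^ *inet'; then
        echo "FAIL: interface still has an IP address"; ok=1
    fi
    if ! printf '%s\n' "$text" | grep -q 'PROMISC'; then
        echo "FAIL: interface is not in promiscuous mode"; ok=1
    fi
    if ! printf '%s\n' "$text" | grep -q 'NOARP'; then
        echo "FAIL: interface still answers ARP"; ok=1
    fi
    return $ok
}

# Start Snort reading from the stealth interface, logging to /var/log/snort,
# as a daemon (Snort 2.x flags; adjust paths for your install).
run_snort() {
    snort -i "$1" -c /etc/snort/snort.conf -l /var/log/snort -D
}

# Typical use, as root:
#   stealth_up eth1 && ip addr show dev eth1 | check_stealth && run_snort eth1
```

The sensor still needs a second, addressed interface (or a console) for management and for ACID to reach the alert database; only the capture interface is left without an address. Note that a software-only stealth interface can still transmit if something on the host is misconfigured, which is why the FAQ also mentions a tap or receive-only cable.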

