Snort Cookbook
Description
Snort, the de facto standard among intrusion detection tools, can save countless headaches; the new Snort Cookbook will save countless hours of trial and error. Each "recipe" offers a clear description of a gnarly problem, a concise but complete solution, and practical examples. But this ultimate SNORT sourcebook offers more than just immediate cut-and-paste answers; it also showcases the best tips and tricks to leverage the full power of SNORT, and still have a life.
Table of Contents
  1. Chapter 1 Installation and Optimization

    1. Introduction

    2. Installing Snort from Source on Unix

    3. Installing Snort Binaries on Linux

    4. Installing Snort on Solaris

    5. Installing Snort on Windows

    6. Uninstalling Snort from Windows

    7. Installing Snort on Mac OS X

    8. Uninstalling Snort from Linux

    9. Upgrading Snort on Linux

    10. Monitoring Multiple Network Interfaces

    11. Invisibly Tapping a Hub

    12. Invisibly Sniffing Between Two Network Points

    13. Invisibly Sniffing 100 MB Ethernet

    14. Sniffing Gigabit Ethernet

    15. Tapping a Wireless Network

    16. Positioning Your IDS Sensors

    17. Capturing and Viewing Packets

    18. Logging Packets That Snort Captures

    19. Running Snort to Detect Intrusions

    20. Reading a Saved Capture File

    21. Running Snort as a Linux Daemon

    22. Running Snort as a Windows Service

    23. Capturing Without Putting the Interface into Promiscuous Mode

    24. Reloading Snort Settings

    25. Debugging Snort Rules

    26. Building a Distributed IDS (Plain Text)

    27. Building a Distributed IDS (Encrypted)

  2. Chapter 2 Logging, Alerts, and Output Plug-ins

    1. Introduction

    2. Logging to a File Quickly

    3. Logging Only Alerts

    4. Logging to a CSV File

    5. Logging to a Specific File

    6. Logging to Multiple Locations

    7. Logging in Binary

    8. Viewing Traffic While Logging

    9. Logging Application Data

    10. Logging to the Windows Event Viewer

    11. Logging Alerts to a Database

    12. Installing and Configuring MySQL

    13. Configuring MySQL for Snort

    14. Using PostgreSQL with Snort and ACID

    15. Logging in PCAP Format (TCPDump)

    16. Logging to Email

    17. Logging to a Pager or Cell Phone

    18. Optimizing Logging

    19. Reading Unified Logged Data

    20. Generating Real-Time Alerts

    21. Ignoring Some Alerts

    22. Logging to System Logfiles

    23. Fast Logging

    24. Logging to a Unix Socket

    25. Not Logging

    26. Prioritizing Alerts

    27. Capturing Traffic from a Specific TCP Session

    28. Killing a Specific Session

  3. Chapter 3 Rules and Signatures

    1. Introduction

    2. How to Build Rules

    3. Keeping the Rules Up to Date

    4. Basic Rules You Shouldn't Leave Home Without

    5. Dynamic Rules

    6. Detecting Binary Content

    7. Detecting Malware

    8. Detecting Viruses

    9. Detecting IM

    10. Detecting P2P

    11. Detecting IDS Evasion

    12. Countermeasures from Rules

    13. Testing Rules

    14. Optimizing Rules

    15. Blocking Attacks in Real Time

    16. Suppressing Rules

    17. Thresholding Alerts

    18. Excluding from Logging

    19. Carrying Out Statistical Analysis

  4. Chapter 4 Preprocessing: An Introduction

    1. Introduction

    2. Detecting Stateless Attacks and Stream Reassembly

    3. Detecting Fragmentation Attacks and Fragment Reassembly with Frag2

    4. Detecting and Normalizing HTTP Traffic

    5. Decoding Application Traffic

    6. Detecting Port Scans and Talkative Hosts

    7. Getting Performance Metrics

    8. Experimental Preprocessors

    9. Writing Your Own Preprocessor

  5. Chapter 5 Administrative Tools

    1. Introduction

    2. Managing Snort Sensors

    3. Installing and Configuring IDScenter

    4. Installing and Configuring SnortCenter

    5. Installing and Configuring Snortsnarf

    6. Running Snortsnarf Automatically

    7. Installing and Configuring ACID

    8. Securing ACID

    9. Installing and Configuring Swatch

    10. Installing and Configuring Barnyard

    11. Administering Snort with IDS Policy Manager

    12. Integrating Snort with Webmin

    13. Administering Snort with HenWen

    14. Newbies Playing with Snort Using EagleX

  6. Chapter 6 Log Analysis

    1. Introduction

    2. Generating Statistical Output from Snort Logs

    3. Generating Statistical Output from Snort Databases

    4. Performing Real-Time Data Analysis

    5. Generating Text-Based Log Analysis

    6. Creating HTML Log Analysis Output

    7. Tools for Testing Signatures

    8. Analyzing and Graphing Logs

    9. Analyzing Sniffed (Pcap) Traffic

    10. Writing Output Plug-ins

  7. Chapter 7 Miscellaneous Other Uses

    1. Introduction

    2. Monitoring Network Performance

    3. Logging Application Traffic

    4. Recognizing HTTP Traffic on Unusual Ports

    5. Creating a Reactive IDS

    6. Monitoring a Network Using Policy-Based IDS

    7. Port Knocking

    8. Obfuscating IP Addresses

    9. Passive OS Fingerprinting

    10. Working with Honeypots and Honeynets

    11. Performing Forensics Using Snort

    12. Snort and Investigations

    13. Snort as Legal Evidence in the U.S.

    14. Snort as Evidence in the U.K.

    15. Snort as a Virus Detection Tool

    16. Staying Legal

  8. Colophon

Product Details
Title: Snort Cookbook
By: Angela Orebaugh, Simon Biles, Jacob Babbin
Publisher: O'Reilly Media
Formats:
  • Print
  • Ebook
  • Safari Books Online
Print Release: March 2005
Ebook Release: February 2009
Pages: 288
Print ISBN: 978-0-596-00791-1 | ISBN 10: 0-596-00791-4
Ebook ISBN: 978-0-596-10468-9 | ISBN 10: 0-596-10468-5
About the Authors
  1. Angela Orebaugh

    Angela Orebaugh is an information security technologist, scientist, and author with a broad spectrum of expertise in information assurance. She draws on her 15 years of hands-on experience in industry, academia, and government to advise clients on information assurance strategy, management, and technologies.

    Ms. Orebaugh is involved in several security initiatives with the National Institute of Standards and Technology (NIST), including technical Special Publications (800 series), the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP) project, and secure eVoting.

    Ms. Orebaugh is an Adjunct Professor for George Mason University where she performs research and teaching in intrusion detection and forensics. She developed and teaches the Intrusion Detection curriculum, a core requirement for the Forensics program in the Department of Electrical and Computer Engineering. Her current research interests include peer-reviewed publications in the areas of intrusion detection and prevention, data mining, attacker profiling, user behavior analysis, and network forensics.

    Ms. Orebaugh is the author of the Syngress best sellers Nmap in the Enterprise, Wireshark and Ethereal Network Protocol Analyzer Toolkit, and Ethereal Packet Sniffing. She has also co-authored the Snort Cookbook, Intrusion Prevention and Active Response, and How to Cheat at Configuring Open Source Security Tools. Angela is a frequent speaker at a variety of security conferences and technology events, including the SANS Institute and The Institute for Applied Network Security.

    Ms. Orebaugh holds a Master's degree in Computer Science and a Bachelor's degree in Computer Information Systems from James Madison University. She is currently completing her dissertation for her Ph.D. at George Mason University, with a concentration in Information Security.

  2. Simon Biles

    Simon Biles is currently Director of Thinking Security Ltd., an Information Security Consultancy based near Oxford in the UK. The company deals with all aspects of InfoSec, from Incident Response and Forensics through to ISO 27001 work. He is currently studying for his MSc in Forensic Computing at Shrivenham with Cranfield University. He holds a CISSP, is certified as an ISO 17799 Lead Auditor, is a Chartered IT Professional with the British Computer Society, and is also a member of F3, the UK's First Forensic Forum. He is currently involved in a project to define and support best practices in Forensics; you can find out more about this at the Open Forensics Group.

  3. Jacob Babbin

    Jake Babbin works as a contractor with a government agency filling the role of Intrusion Detection Team Lead. He has worked in both private industry as a security professional and in government space in a variety of IT security roles. He is a speaker at several IT security conferences and is a frequent assistant in SANS Security Essentials Bootcamp, Incident Handling and Forensics courses. Jake lives in Virginia.


Colophon

Our look is the result of reader comments, our own experimentation, and feedback from distribution channels. Distinctive covers complement our distinctive approach to technical topics, breathing personality and life into potentially dry subjects. The image on the cover of Snort Cookbook is of a charging soldier clad in traditional Scottish military dress. In 1747, the Act for the Abolition of Highland Dress provided that no man or boy in Scotland, except officers and soldiers, could wear clothes commonly called Highland garb. Specifically, this meant plaid, philabeg, or little kilt, trews, and shoulderbelt. Some historians record that, immediately after this act was passed, orders were given to kill on the spot anyone dressed in this fashion. However, since Highland regiments had a widespread reputation for their agility, bravery, and heroism, especially during the Napoleonic Wars, the tartan soon became imbued with new prestige and glamour. In fact, Highlanders made such a great impression on their enemies that it was said the French believed there were twelve battalions of them in the British army, instead of two.

The weapon carried by the soldier in this image is a bayonet. Although generally considered the infantryman's assault weapon, this instrument was originally intended for defense. With the combined length of the musket and bayonet, infantry standing two and three deep could hold their ground against a sudden rush of cavalry. Adam Witwer was the production editor, and Linley Dolby was the copyeditor for Snort Cookbook. Lydia Onofrei performed the source check. Ann Schirmer proofread the text. Sarah Sherman and Claire Cloutier provided quality control. Lucie Haskins wrote the index.

Emma Colby designed the cover of this book, based on a series design by Edie Freedman. The cover image is a 19th-century engraving from the Dover Pictorial Archive. Karen Montgomery produced the cover layout with Adobe InDesign CS using Adobe's ITC Garamond font.

David Futato designed the interior layout. This book was converted by Judy Hoer to FrameMaker 5.5.6 with a format conversion tool created by Erik Ray, Jason McIntosh, Neil Walls, and Mike Sierra that uses Perl and XML technologies. The text font is Linotype Birka; the heading font is Adobe Myriad Condensed; and the code font is LucasFont's TheSans Mono Condensed. The illustrations that appear in the book were produced by Robert Romano, Jessamyn Read, and Lesley Borash using Macromedia FreeHand MX and Adobe Photoshop CS. The tip and warning icons were drawn by Christopher Bing. This colophon was written by Lydia Onofrei.
