  Arizona State University
  Unix Network Users Group

May 2001


May 22, 2001

Attendees:  David Bear, Tom Boylan, Kevin Brown, Chris Coffin, Frank Davis, Brent Dunlock, Paul Emerson, Lance Erikson, Scott Hancock, Jim Howard, Kirt Karl, Lois Lehman, John Murnane, Mark Peoples, Patrick Rhodes, Greg Viles

SNORT Presentation by Kirt Karl and Mark Peoples with input from Nina Barr who could not be present

General overview of SNORT by Kirt Karl. PowerPoint slides are available.

Mark Peoples presented the implementation of SNORT in the Physical Sciences.

On Windows 2000, run Snort as a service, not as an application.

Rulesets are available at:

Snort.org

Wiretap.net

Whitehats.com

Securityfocus.com

Snort can send WinPopup messages via Samba. From Snort.org: “Snort has real-time alerting capability, with alerts being sent to syslog, Server Message Block (SMB) "WinPopup" messages, or a separate "alert" file.”

DCO is running Snort with two interfaces, one in promiscuous mode. DCO also runs a Solaris Snort box that sniffs all of the traffic coming into campus.

Reference was made to Zed Shaw’s Network Monitoring Project, which remains uncompleted because Zed left ASU before he could finish it.

Snort can report directly to syslog, which can be on a remote machine, as in Zed’s setup.

Ssh2 should be OK to run on a Snort box today, since there have not been any reports of vulnerabilities with this version of ssh.

ACID is a front end to a database for logging attacks.

Limit the services running on the Snort machine.

Snort logs to XML; it has a beta plug-in in 1.8.

Ask Jack Hsu if there is documentation on ISS and send the info to Greg Viles and the UNCEL distribution list.

 Copyright © Arizona Board of Regents

Updated: 11/05/01