shahin
January 26th, 2009, 06:10 PM
Greetings-
I just installed Snort, with MySQL and PHP. I also configured my iptables. Now I want to learn more about Snort. Unfortunately I only see TCP traffic, which is because I configured iptables not to reply to ICMP. I believe I read somewhere that iptables intercepts traffic before Snort; is this correct? I learn best by doing small projects. So does anyone have favorite links that taught them how security works? Stuff like:
- How do I get signature updates?
- How can I configure my own signatures?
- How do I learn to read the logs? Are there tutorials for stuff to watch for?
- Is there the equivalent of a SIM that can collect the logs from iptables, and system logs, and maybe even Snort, and present it to the user?
- Do you have any favorite tutorials that helped you get a better understanding of IDS/IPS, firewalls, forensics, etc?