Hello,
I have to deploy a Snort based intrusion prevention system.
I am a total newbie in this, so any kind of help, references for starters would be highly appreciated.
Also, the Snort documentation talks about the Honeynet Snort Inline Toolkit, but the available link to it is returning 404. I checked it on Honeynet but couldn't find it.
Als...
I am trying to create a rule for Snort to basically log any packets once a user tries to access a page with the word "malware" in it. This is what I have, just asking for some guidance. So basically once a webpage contains the phrase it shows GO CRAZY!!!!!!!
alert tcp any any -> any any
(content:"malware"; msg:"Someone clone
is accessin...
I have three questions that I somehow find related, so I put them in the same place.
Currently building a relatively large LAMP system - making use of messaging (ActiveMQ), memcache and other goodies.
I wonder if there are best practices or nice tips and tricks on how to implement those.
System is user aware - meaning all actions done can be bind...