Three Snort Books Reviewed

Posted by timothy on Wed Aug 13, 2003 12:30 PM
from the harumph-harumph dept.
Eric Stats writes "Working as a Network Engineer for a web-hosting company that prides itself on uptime and network availability, and moonlighting as a part-time Linux administrator, my managers and clients are starting to expect a level of information security knowledge from me. I decided that if I wanted to take my career to the next level, I needed to develop some security-specific skills. I heard a lot about the open source Intrusion Detection System (IDS), Snort, from friends and co-workers (mostly that it was a pain to get running, and an even bigger pain to understand what it was doing)." To get past those frustrations, Eric looked at two more books on Snort (and compares them to the already-reviewed Intrusion Detection with Snort); read on below for his take on what each offers.
Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID; Intrusion Detection with Snort; Snort 2.0 Intrusion Detection
author (See each)
pages (See each)
publisher (See each)
rating (See each)
reviewer Eric Stats
ISBN (See each)
summary (See each)

I ran Snort at home for a while, using the online docs, but I could never get a handle on which output plugin to use (When to log? When to alert?), how to email alerts to myself (I later found out Snort doesn't natively do this), and how to create signatures from packet captures (no online docs at all for this). When I did get The Pig running, it filled up my log directory with thousands of small alert files, which ended up being in tcpdump format. This frustrated the hell out of me, so I decided I needed to find a good book on Snort, as the online docs simply did not describe how to use Snort from start to finish.

In the past few months, an assortment of books has come out on Snort. Because it has begun to eclipse closed-source, multimillion-dollar IDSes in terms of raw performance and features, much attention is currently focused on Snort. Naturally, when an open source project achieves this level of notoriety, publishers, venture capitalists, and corporations want to get in on the game. The flood of Snort books is a testament to this, but it doesn't mean they were all created equal. This book review covers the three books on Snort currently available (we will see another two Snort books later this winter). It covers what is good about them, what is bad, and who the target audience is for each. If you are looking to learn intrusion detection the open source way, or simply do not have a million-dollar IT security budget, these books are a good starting point.

Each of these three books serves a different purpose and consequently is appropriate for a different reader. In summary, Rafeeq Rehman's Intrusion Detection with Snort: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID presents a concise, quick-start guidebook to getting Snort up and running fast. He doesn't delve into the details of Snort, and this book makes a perfect choice for a reader who wants to get The Pig up and running quickly and move on to something else.

The whole gaggle of authors that put together Snort 2.0 Intrusion Detection created a much-needed user manual for Snort. This book makes for a good desktop reference, but assumes you understand the core concepts of intrusion detection, or have significant field experience with Snort. It is also somewhat convoluted to read; I suppose it's inevitable that when you have 12 authors working on a single book, it is going to come out somewhat disjointed and jumbled. If I hadn't read the other two books first, I doubt I would have been able to piece together what this book is talking about in places. (Such as referring to Barnyard logs in one chapter and "unified binary format" in another; how is the reader going to know they are the same?)

Lastly, Jack Koziol's Intrusion Detection with Snort is a guidebook for using Snort in the real world, either on small networks or in large corporate settings. Like any security tool, Snort is only as effective as its operator. Snort can do an enormous number of things, but if you don't understand the "how and why" you aren't going to be able to apply your knowledge in unexpected, different, or new situations. Koziol's book bridges the gap and teaches you the nitty-gritty Snort details not found in online docs, as well as how to apply your newfound IDS knowledge in practice. This book is light on screenshots and diagrams, which can be frustrating at points; in places a simple diagram would have served better than a paragraph of text.

Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID
author Rafeeq Rehman
pages 288
publisher Prentice Hall
rating 7/10
ISBN 0131407333

I first picked up Rehman's Intrusion Detection with Snort: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID. Rehman's book is also a member of the Bruce Perens Open Source Series. All of the books in this series are published under the OPL. Overall, Rehman's book served as a good intro to Snort. I followed the examples, used some of the custom startup and log-rotation scripts, and got Snort working for the first time. I also learned of ACID, which is a PHP-based GUI for Snort, put out by Carnegie Mellon's CERT/CC. It makes managing alerts from Snort much less time-intensive. It was an exciting experience, but the book left me in the dark on a number of concepts that I knew I needed to learn. I still didn't understand what I was getting out of Snort; I had so many alerts I couldn't "tune out the noise." I didn't know when to use log or alert plugins, so I just turned on both for safety's sake. I also found that Snort was dropping packets (meaning it wasn't able to keep up with the traffic load going to my webservers hosted at home), but didn't find any way to fix this problem. This setup was fine for experimenting at home, but I didn't feel I would be able to use Snort in a mission-critical corporate setting yet.

Intrusion Detection with Snort
author Jack Koziol
pages 400
publisher SAMS Publishing
rating 9/10
ISBN 157870281X

I thumbed through Jack Koziol's Intrusion Detection with Snort at the bookstore, and it seemed to have some more detailed descriptions of using Snort. It also had a lot of the planning, deployment, and maintenance activities you never think of until you are faced with one at 2 a.m. (such as how to upgrade Snort in an organized manner after a vicious integer overflow exploit is released for a core Snort component). It is also the most popular Snort book, so I figured I would buy it. When I took it home, I learned where to place Snort on a network, and what advantages and disadvantages there are to different IDS sensor placement strategies, something I had never considered.

Koziol's book also had the technical detail I was in desperate need of. I learned how to use Barnyard to spool alerts, which keeps Snort from dropping packets. I got to write my own attack signatures from scratch by using Ethereal packet captures in a controlled lab environment. I created a targeted ruleset; it enables specific attack signatures based on what I actually have running on my network, simply using nmap and some complicated perl scripts. The targeted ruleset went a long way toward reducing false alerts, and is now a product sold by the Snort commercial vendor, Sourcefire. I finally got email alerts working using syslog-ng with Snort. The book ends with some more advanced content, namely using Snort as an Intrusion Prevention device. You can set up Snort to block packets that match a signature, using Inline Snort, or you can have Snort reconfigure routers and firewalls to block offending IP addresses, using SnortSam. I've experimented with Inline Snort as part of a honeypot, but, as the author points out, this is not yet production-safe, as it can easily be used by attackers to disrupt network availability.
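The targeted-ruleset idea described above (enable only the signatures for services you actually run, so the sensor stops alerting on attacks against software you don't have) can be scripted. The following is an added illustration in Python rather than the review's perl; it is not code from the review, from Koziol's book, or from Sourcefire. It assumes nmap's grepable (-oG) output format, a constructed scan sample embedded below, and a service-to-rule-file mapping that is purely illustrative.

```python
"""Targeted Snort rule selection from nmap service discovery (added illustration)."""
import re
from collections import defaultdict

# Constructed sample of nmap grepable (-oG) output; not a real scan.
# One host is down and one port is closed, to show those are skipped.
NMAP_GREPABLE = """\
# Nmap scan report (constructed sample)
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: closed (996)
Host: 192.0.2.20 ()\tPorts: 25/open/tcp//smtp///, 110/closed/tcp//pop3///, 3306/open/tcp//mysql///
Host: 192.0.2.30 ()\tStatus: Down
"""

# Assumed mapping from nmap service names to Snort rule files. This is an
# illustrative list, not an official one; any service missing from it is
# reported so the operator can decide rather than silently getting no coverage.
SERVICE_RULES = {
    "http": ["web-attacks.rules", "web-cgi.rules", "web-misc.rules"],
    "https": ["web-attacks.rules", "web-misc.rules"],
    "smtp": ["smtp.rules"],
    "ssh": ["exploit.rules"],
    "ftp": ["ftp.rules"],
    "mysql": ["mysql.rules"],
    "pop3": ["pop3.rules"],
}

# nmap -oG port entry: port/state/protocol/owner/service/rpc-info/version/
# Groups captured: port, state, protocol, service.
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/[^/]*/[^/]*/")


def parse_grepable(text):
    """Return {host: [(port, proto, service), ...]} containing open ports only."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comments and the trailing summary line
        host = line.split()[1]
        fields = line.split("\t")
        ports = next((f for f in fields if f.startswith("Ports:")), "")
        for port, state, proto, service in PORT_RE.findall(ports):
            # Closed or filtered ports say nothing about what is running.
            if state == "open" and service:
                hosts[host].append((int(port), proto, service))
    return dict(hosts)  # hosts that were down never get a key


def select_rule_files(hosts):
    """Union of rule files for every open service across all hosts.

    Returns (sorted rule files, sorted services with no mapping)."""
    wanted, unmapped = set(), set()
    for entries in hosts.values():
        for _port, _proto, service in entries:
            files = SERVICE_RULES.get(service)
            if files is None:
                unmapped.add(service)
            else:
                wanted.update(files)
    return sorted(wanted), sorted(unmapped)


def render_includes(rule_files, rule_path="$RULE_PATH"):
    """Emit snort.conf include lines using the conventional RULE_PATH variable."""
    return "\n".join(f"include {rule_path}/{name}" for name in rule_files)


if __name__ == "__main__":
    discovered = parse_grepable(NMAP_GREPABLE)
    rule_files, unmapped = select_rule_files(discovered)
    print(render_includes(rule_files))
    if unmapped:
        print("# no rule mapping, review manually:", ", ".join(unmapped))
```

Re-run the scan and the script whenever hosts or services change; a service that appears after the ruleset was generated is otherwise left unmonitored.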

Snort 2.0 Intrusion Detection
authors Jay Beale, Anne Carasik, Aidan Carty, Scott Dentler, Adam M. Doxtater, Wally Eaton, Jeremy Faircloth, James C. Foster, Vitaly Osipov, Jeffrey Posluns, Ryan Russell, Brian Caswell
pages 485
publisher Syngress
rating 4/10
ISBN 1931836744

The final Snort book in this review is Snort 2.0 Intrusion Detection. This book has a lot of the screenshots and figures that the Koziol and Rehman books leave out. It also contains a lot of useful diagrams, about one for every other page, and a CD-ROM with all of the Snort source and a PDF version of the book. This book, and the Koziol book, cover Snort version 2.0, which isn't all that much different from version 1.9 covered in the Rehman book. Still, it is nice to have the most up-to-date documentation, but it doesn't make the Rehman book any less effective. This book has the most reference material in it, over 500 pages' worth, and it has very organized, user-manual-like descriptions of important Snort components (preprocessors, output plugins, and rules). Keep in mind that this book was created more as a user manual than as an implementer's guide. You aren't going to see the planning, deployment, and maintenance activities or the technical deployment examples found in the Koziol book, and you aren't going to find a concise quick-start guide like the Rehman book.

In summary, you aren't going to find anything in this book that isn't in the other two. What you will find is lengthy descriptions, and a lot more screenshots. As stated before, Snort 2.0 Intrusion Detection was written by 12 different people (one of them a Sourcefire employee and Snort.org website maintainer, Brian Caswell). This is obviously done by the publisher to get the book out as fast as possible, which is important for technology book publishers as books are outdated quickly, but has the end result of a disjointed book that contradicts itself in many areas. An example: one author stresses how deadly important it is for us to only use the latest Snort version, while another tells us to use the CD-ROM that comes with the book, which contains an outdated version of Snort.

You can clearly tell that different authors worked on different chapters, as the style and format change frequently. You can also tell that the authors didn't talk to each other much, as you will find one author referring to something in one chapter (unified binary format) that he expected to have been explained in a previous chapter. In print, the concept was not explained until later, which can be really frustrating if you are not a Snort pro. Additionally, there are enough grammatical errors in the book to be distracting, and, much like a vendor-provided user manual, the chapters don't logically flow from one to the next. If you do purchase this book, this slashdotter would recommend it as a supplement to either the Rehman or Koziol book.


  • Who needs snort? (Score:2, Funny)

    by mjmalone (677326) * on Wednesday August 13 2003, @12:30PM (#6687663)
    (http://www.vino2vino.com/)
    Just put a teletype machine between your wall jack and your modem! DUH! If only FSF had this setup we wouldn't be in the pickle we're in!
  • *snort* (Score:5, Funny)

    by bytesmythe (58644) on Wednesday August 13 2003, @12:31PM (#6687677)
    Apparently the FSF could use a copy of this book...
    • Re:*snort* (Score:5, Funny)

      by mini me (132455) on Wednesday August 13 2003, @12:32PM (#6687693)
      You mean MD5 sums from random people on the internet isn't good enough?
  • Anyone else read that as (Score:1, Funny)

    by Steven Blanchley (655585) on Wednesday August 13 2003, @12:31PM (#6687680)
    "Three Short Books Reviewed"?
  • by phaetonic (621542) on Wednesday August 13 2003, @12:32PM (#6687696)
    Check out Symantec's ManHunt [symantec.com]. Besides getting great support, this uses open source software (snort) and now runs on Red Hat Linux!
  • by saint10 (248611) on Wednesday August 13 2003, @12:33PM (#6687711)
    I would have to agree, Intrusion Detection technology is by no means plug and play... You need more than just a user manual, you have to understand what is actually going on and tune your IDS appropriately.
  • Idiots.. (Score:2, Funny)

    by Anonymous Coward on Wednesday August 13 2003, @12:34PM (#6687722)
    I don't even need one book to snort properly.
  • Drug related titles (Score:5, Funny)

    by bytesmythe (58644) on Wednesday August 13 2003, @12:38PM (#6687755)
    From one of the book titles:
    Using SNORT, Apache, MySQL, PHP, and ACID

    This somehow strikes me as a veiled reference to cocaine, peyote, quaaludes, phencyclidine, and LSD. No longer will pharmacologically-enhanced computing be restricted to the caffeine you get from a case of Jolt!

  • I'm still waiting... (Score:2, Insightful)

    by packethead (322873) on Wednesday August 13 2003, @12:38PM (#6687758)
    for an integrated Intrusion Prevention System (IPS). Detecting the threat is one thing. But detecting then bit-bucketing it (I know, another made up verb) is another matter. Also, false-pos's? "White Noise"?

    Oh well, another topic.

  • A bit offtopic I know, but... (Score:1, Offtopic)

    by StringBlade (557322) on Wednesday August 13 2003, @12:39PM (#6687763)
    (Last Journal: Thursday July 17 2003, @03:19PM)
    At first, I thought the infamous spelling ability of our editors managed to munge the article title of "Three Short Books Reviewed"!
  • Did anybody read... (Score:2, Funny)

    by bersl2 (689221) on Wednesday August 13 2003, @12:39PM (#6687770)
    (Last Journal: Tuesday September 25, @04:26AM)
    Did anybody read that word as "snort" instead of "short?" I thought for a moment that I was losing my mind.

    [crickets chirp]

    Oh, wait...
  • The problem is... (Score:2, Interesting)

    by TypoNAM (695420) on Wednesday August 13 2003, @12:42PM (#6687819)
    It would have taken me reading all three of those books just to figure out where to place those damn rule files. I could have RTFM, but no one has published that snort title yet.

    Besides, I'd rather set up a honeypot and watch the hackers break in. It's like watching ants trying to break out of the glass. You're going nowhere bub! >:D
  • Web attack Forensic documents (Score:4, Informative)

    by Anonymous Coward on Wednesday August 13 2003, @12:44PM (#6687840)
    These documents were the baseline for many of the web-attacks.rules used in snort.

    Fingerprinting port 80 attacks Part one [cgisecurity.net]
    Fingerprinting port 80 attacks part two [cgisecurity.net]
  • I don't need snort (Score:4, Funny)

    by ianjk (604032) on Wednesday August 13 2003, @12:54PM (#6687944)
    Windows XP firewall keeps my network safe.

  • Frustrated? (Score:2)

    by indole (177514) on Wednesday August 13 2003, @12:55PM (#6687955)
    To get past those frustrations...
    This frustrated the hell out of me...
    frustrating at points...
    really frustrating...
    Dude! Chill the fsck out. It's only a computer book.
  • by illectro (697914) on Wednesday August 13 2003, @01:13PM (#6688127)
    Qualys launched a neat Snort correlation system which works with their scanner - the idea is that if the IDS detects a potential exploit attempt against a target it can check up the vulnerability report on that machine and figure out whether the attack has any chance of working based on the Qualysguard tests.


    Nice theory, of course you do need a qualys account which costs a bunch (they do lead the field though), but they reckon it cuts down false alarms by a huge chunk. They launched this at Blackhat this year (along with the law of vulnerabilities) and it's been open sourced (yay!).

  • Three Cheers for Slashdot (Score:1, Interesting)

    by Anonymous Coward on Wednesday August 13 2003, @01:16PM (#6688152)
    Slashdot strikes out
    reported by Anonymous Cannibal

    In developing news, Slashdot.org [slashdot.org] has released a non-SCO related article. Slashdotters are ecstatic at the incoming news "Oh man I really thought it was the end of the road there for a minute, I mean last week was bad, but as of Sunday, I don't know how many SCO based articles they posted. I think it's somewhere in the low hundreds though" stated a user who wished to remain anonymous.

    "It's exciting for the moment, but I know these morons will just post some other sickening story about a company that's about to go under any god damned moment". stated fx0rspy.

    Slashdot once upon a time was one of the hottest sites on the net, and the site which now boasts close to 600+ thousand users (most of which are duplicate users) is slowly going down the toilet. "Well I doubt if it is going to go away, if it did most of the admins there would likely commit suicide or something. I just want to see it go back to the basics and focus on news. Sure SCO is news, but do we really need it shoved down our throats four to five times?" stated another user via IRC who wished to remain anonymous.

    So for those who are interested in real news, such as how China will replace every citizen's ID card with Digital Cards, you can read this here [cryptome.org], or if you care about the NSA possibly backdooring all software, you can read that too by clicking here [nsa.gov]. The CIA's statement on WMD? Sure, right here, [cia.gov] however, if you're looking for another SCO article, stay tuned, one will be available within the hour.

    Numerous requests were sent to Slashdot administrative staff who never responded to our e-mails. We feel for them, and will make sure to send them carfare when the company goes under so they'll be able to get to the unemployment office.

    (c) 2003 Disgruntled Slashdotter

  • Dear Submitter: (Score:1)

    by Anti Frozt (655515) on Wednesday August 13 2003, @01:23PM (#6688211)

    We here at Slashdot do not approve of inhaling or "snorting" drugs. The following alternatives are suggested:

    • Jolt Cola
    • Jolt Gum
    • Chocolate covered espresso beans
    • Black-black chewing gum

    Information on these alternatives can be found here [thinkgeek.com] and here [modulo26.net]

    Thank you!
    Slashdot Administrators

  • nice to see... (Score:5, Interesting)

    by wwest4 (183559) on Wednesday August 13 2003, @01:35PM (#6688306)
    since snort is such a nice IDS and a good example of OSS components becoming more than their sum, it's nice to see books coming out.

    it certainly isn't plug-n-play, but it's not super technical to install - it's just tedious and open to stupid installation mistakes. i've had a newb trainee install it in a couple of days... not bad for just diving in, but an automated installation would make snort the bomb. anyone know of progress in this area (on any platform)?

  • by Mike Green Chal (697920) on Wednesday August 13 2003, @01:39PM (#6688346)
    People, one of our own has been found. Trapped in the local woods of newtown square. He did not use the SNORT anti hacker software and was taken away by SCO goons late last evening. Truly a troubling loss.

    They caught him infringing on their IP property by using 12 lines of SCO code in his homebrew linux computer's kernel. Please help us save this young man. Check out The Mike Green Challenge [mikegreenchallenge.com] site today, to help rescue this young man from the oppressive clutches of SCO and Micro$oft.

  • by DRWHOISME (696739) on Wednesday August 13 2003, @01:41PM (#6688359)
    Artificial intelligence ?
  • A pain to get snort working? (Score:4, Interesting)

    by Rahga (13479) on Wednesday August 13 2003, @02:07PM (#6688524)
    (http://rahga.com/ | Last Journal: Tuesday October 18 2005, @05:15PM)
    I can't even pretend to be a great "network administrator" or "software engineer", but I don't see how anyone can even pretend that Snort is difficult to set up with some of the documentation on the website. The most foolproof one there goes by the name of something like "RedHat 9 + Snort + Acid + MySQL + Apache", and RH9 is only used in the "base packages" sense (except for sharutils, which doesn't seem to install by default, but comes in handy when installing Nessus with the installer script).

    If you can't install Snort with that type of docum.... hold on... the late 90s called, they wanted to congratulate you on beating the odds.
  • thanks... (Score:2, Funny)

    by Overbyte (226279) on Wednesday August 13 2003, @02:19PM (#6688629)
    for getting me all worked up. My fiance snorts when she laughs. I was hoping one of these books would help her(me?) out...
  • Web Intrusion Detection (Score:3, Informative)

    by ivan.ristic (631774) on Wednesday August 13 2003, @02:22PM (#6688651)
    (http://www.webkreator.com/)
    If you are interested in detecting and preventing web attacks specifically then you should have a look at mod_security [modsecurity.org]. It is an Apache module (both branches are supported) that allows for some very interesting HTTP-specific filtering. It even supports POST method analysis, and can reject an offending request. Since it works as part of the web server it makes it much easier to detect attacks carried out through an SSL channel.
  • by Helevius (456392) on Wednesday August 13 2003, @02:22PM (#6688653)
    (http://slashdot.org/)
    Try reviewing Snort books when you know something about Snort. For example, saying "This book, and the Koziol book, cover Snort version 2.0, which isn't all that much different from version 1.9 covered in the Rehman book" shows you know nothing about Snort's internals. Snort 2.0 offers several new features [snort.org] -- check them out!

    These reviews [amazon.com] are more helpful. A copy of the Koziol book is on the way to the Amazon.com reviewer so he should be able to rate it against the Caswell and Rehman books.

    And those ratings -- 4/10 for Caswell, currently selling at #423 at Amazon.com [amazon.com], compared to 7/10 for Rehman, currently #5691 at Amazon.com [amazon.com]? Popular opinion isn't everything, but people are clearly buying the better book -- despite its faults.

    Helevius

  • Snort? (Score:3, Funny)

    by xihr (556141) on Wednesday August 13 2003, @02:30PM (#6688717)
    (http://www.alcyone.com/xihr/)
    Wasn't that the name of the big truck in Are You My Mother?
  • funny (Score:2)

    by sootman (158191) on Wednesday August 13 2003, @02:32PM (#6688736)
    (Last Journal: Thursday July 12, @12:30PM)
    when I first read the headline, I thought "three snort" was a rating of how funny something was.

    for example, this post is about a half-snort. :-)
  • NSWC SHADOW (Score:1, Interesting)

    by Anonymous Coward on Wednesday August 13 2003, @03:07PM (#6689043)
    Looking for IDS? try SHADOW, from Naval Surface Warfare Center - Dahlgren.
  • by namespan (225296) <namespan.elitemail@org> on Wednesday August 13 2003, @04:04PM (#6689489)
    (Last Journal: Tuesday October 22 2002, @12:56AM)
    Is a three snort book anything like a three beer woman (or man) in a bar? The number of snorts it takes one to see useful information in the book?
  • He doesn't delve into the details of Snort, and this book makes a perfect choice for a reader who wants to get The Pig up and running quickly and move on to something else.

    Anybody who makes a statement like that quite obviously has never gotten too serious about setting up and maintaining an IDS. Every IDS I've ever used has required quite a bit of care and feeding to make it useful.

    First of all, most IDS's have so many false-positives right out of the box that you just have to do some tweaking to keep your sanity.

    Next, for an IDS to be effective, it must be kept up to date. This means importing new rules from the vendor. Making sure those rules are not a whole new batch of false positives. And writing your own rules to tailor the IDS to effectively monitor your network.

    These kinds of things (and the above 2 are just a couple of examples of many different care/feeding aspects of IDS installations) are a must if you are even remotely serious about having an effective IDS. An IDS, by its very nature, is a system which is definitely NOT a 'set up and move on to something else' kind of system.

  • Some comments (Score:3, Informative)

    by martyroesch (589524) on Wednesday August 13 2003, @10:19PM (#6692085)
    (http://www.snort.org/)
    I've got a few comments, and seeing as I'm Snort's [snort.org] author I thought people would care for once. :)

    First off, I'm not just Snort's author, I'm also the founder of Sourcefire [sourcefire.com]. Sourcefire was started once it became apparent that enough commercial/governmental users wanted commercial support to make it a viable business model. Raising the VC was not easy; try going into a venture capitalist's office sometime and telling them about how you want to build a product company around a core technology that's free. I talked to something like 12 different investment firms before we got the time of day from anyone. VC wasn't really looking for the next big Open Source story in 2001, they were trying to figure out what the hell happened to all their investments.

    Sourcefire eventually got funded, but we did it the old-fashioned way by building the product on a shoestring and then selling it into big accounts. Once we made a few hundred kilobucks from my living room (i.e. the original Sourcefire corporate campus), we finally got some attention and (eventually) money. Let me reiterate, it was not easy.

    The author of the article could have saved some money on books (and so can you) if you simply read the USAGE file and the SnortUserManual.pdf file that should be included with your Snort download. Both of those files have quickstart information that will let you get up and running with Snort in about 15-30 minutes. Snort was designed to be easy for people who are used to using Linux; keep that in mind when using it for the first time. If you're getting lots of little log files, try using the -b switch at the command line; it'll log to a single file in pcap binary format (like ethereal/tcpdump). Additionally, read the FAQ and check out the mailing lists [snort.org], they're invaluable.

    Finally, the security vulnerabilities that were located in Snort this past spring led us to perform an internal and two external independent paid security audits of the Snort code base, funded by Sourcefire. We're also exercising additional diligence when evaluating contributed code and looking at the code we're developing internally at Sourcefire. It should be noted, all the code that is developed for Snort at Sourcefire is released under the GPL; we're dedicated to always keeping Snort free and making it the best IDS we can.

  • by xchino (591175) on Wednesday August 13 2003, @02:36PM (#6688771)
    It's only a remote root exploit if you are running the process as root, and that would be stupid. You are an AC though.
  • Re:Snort? (Score:1)

    by Black Noise (683584) on Wednesday August 13 2003, @03:07PM (#6689037)
    Well, I assumed the movie clip came with audio.