
Using Snort

Page 3 of 3

The Basics

Assuming you have a capture file, your easiest route is to open Ethereal and read it. This involves, as you might guess, running Ethereal, choosing Open from the menu, navigating to your snort/logs folder, then opening the "snort" + string-of-numbers log file you see there.

Ethereal will show the packets, colour coded, with the ones that failed to transmit marked out. If you see lots of unfamiliar IP addresses in traffic that isn't ARP, look at them and ask yourself why they are connecting to your PC.

You will find some common intrusions listed in the code that goes with the IDS article elsewhere on this site. You can also search the Internet for the signatures of common trojans and viruses, then look for their identifying features in your capture - a process that always goes more pleasantly if you picture yourself as a Star Trek captain recognising the energy signature of a Kazon Nistrum weapon.

Sam Spade is always useful for identifying IP addresses - another free download that I can't be bothered searching for at the moment, sorry. Sam Spade will tell you where an Internet address is registered; from there you can go to the whois of that name service provider and get reasonably close to the origin of the attack. (OK, the IP will be spoofed (faked) if it's a serious attack, but in that case, why are you reading a Snort newbies' guide?) When you see something like the activity I came across the other week - hundreds of Nigerian IPs connecting to my computer for no legitimate reason that I could think of - you can guess that spam is being bounced off your network or your PCs are being used in a denial of service attack.
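As an added example (not code from the original article, nor from the Snort or Ethereal projects), here is a small Python script that reads a Snort pcap log directly and produces the triage view described above: how many frames are ARP, how many packets each outside source IP sent to your machine, and which sources exceed a threshold worth looking up in whois. The pcap bytes are constructed inline so the script runs offline; the protected host address 192.168.1.10 and the local network 192.168.1.0/24 are assumptions, and the outside addresses are documentation ranges, not real attackers.

```python
import struct
import ipaddress
from collections import Counter

# ---- Constructed sample capture (assumption: Ethernet link type, classic pcap) ----

def _eth_ipv4(src_ip, dst_ip, proto=6, payload=b"\x00" * 8):
    """Ethernet II frame carrying a minimal IPv4 header (constructed test data)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip + payload

def _eth_arp():
    """Broadcast ARP frame (ethertype 0x0806); the body is zero-filled for the sample."""
    return b"\xff" * 6 + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x06" + b"\x00" * 28

def build_pcap(frames):
    """Wrap raw frames in a little-endian classic pcap file (magic 0xa1b2c3d4, linktype 1)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

MY_HOST = "192.168.1.10"                                   # assumed protected PC
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]      # assumed home LAN
SAMPLE_PCAP = build_pcap(
    [_eth_ipv4("203.0.113.7", MY_HOST)] * 5                # repeated inbound TCP from one outside IP
    + [_eth_ipv4("198.51.100.9", MY_HOST, proto=17)] * 2   # two inbound UDP packets
    + [_eth_arp()]                                         # ARP noise, ignored
    + [_eth_ipv4("192.168.1.20", MY_HOST)]                 # another LAN machine, not "outside"
    + [_eth_ipv4(MY_HOST, "203.0.113.7")]                  # outbound reply, not inbound
)

# ---- Parser: the part you would point at snort/logs/snort.<numbers> ----

def iter_frames(data):
    """Yield each captured frame from classic pcap bytes, handling both byte orders."""
    magic, = struct.unpack("<I", data[:4])
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng not handled here)")
    linktype, = struct.unpack(end + "I", data[20:24])
    if linktype != 1:
        raise ValueError("expected Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def summarise(data, my_host, local_nets):
    """Count inbound IPv4 packets per (outside source IP, protocol); ARP counted separately."""
    counts, arp = Counter(), 0
    for frame in iter_frames(data):
        if len(frame) < 14:
            continue
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype == 0x0806:
            arp += 1
            continue
        if ethertype != 0x0800 or len(frame) < 34 or (frame[14] & 0x0F) < 5:
            continue                                   # not IPv4, or truncated header
        proto = frame[23]
        src = ipaddress.ip_address(frame[26:30])
        dst = ipaddress.ip_address(frame[30:34])
        if str(dst) != my_host or any(src in net for net in local_nets):
            continue                                   # keep only outside -> my_host
        counts[(str(src), proto)] += 1
    return counts, arp

def top_talkers(counts, threshold):
    """Outside IPs with at least `threshold` inbound packets, busiest first: whois candidates."""
    per_ip = Counter()
    for (ip, _proto), n in counts.items():
        per_ip[ip] += n
    return [(ip, n) for ip, n in per_ip.most_common() if n >= threshold]

if __name__ == "__main__":
    counts, arp = summarise(SAMPLE_PCAP, MY_HOST, LOCAL_NETS)
    print(f"ARP frames ignored: {arp}")
    for (ip, proto), n in counts.most_common():
        print(f"{ip:>15}  proto={proto:<3} packets={n}")
    print("look these up in whois:", top_talkers(counts, threshold=3))
```

Swap `SAMPLE_PCAP` for `open("snort.1234567890", "rb").read()` and set `MY_HOST` and `LOCAL_NETS` to your own values; anything that shows up in `top_talkers` with no legitimate reason is the kind of source the article suggests tracing with Sam Spade and whois.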

After all, the whole point of doing this is to start educating yourself. You cannot entirely rely on your AV, firewall and similar software. You can't always rely on the other users of your network to be using your web access legitimately. It's a good idea to stay on top of what your network is doing, especially if you have a wireless network: it's often pretty easy for someone to log into an unsuspecting user's wireless network from the street. They might just be using your bandwidth to surf the net or send emails - which may technically constitute theft but hardly matters to you - but they might also be implicating you in crimes, leaving you to take responsibility for wickedness you didn't even know about, let alone commit.

A couple of Snort info updates. Demarc found a flaw affecting connections to web ports via telnet, on 17/05/06, for which they have released a patch. Also, if you use Voice over IP (e.g. Skype), Ethereal's interpretation of the traffic may be bizarre, confusing it with a government lawful intercept. Similarly, Voice over IP will produce results suggesting there are hundreds of malformed, bogus packets. There probably aren't. You can tell whether this is the case by switching off VoIP and re-examining the logs. If they return to normal, that was the issue. If not, you need to look into it.
