[SYMBOL]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[Q]
[R]
[S]
[T]
[U]
[V]
[W]
[X]
[Y]
[Z]
Sam Spade
2nd
sameip; rule option
SANS
2nd
3rd
SANS Institute
Sans TCP/IP Guide
Sarbannes-Oxley
scan.rules
scanner-fixed-threshold option (flow-portscan preprocessor)
scanner-fixed-window option (flow-portscan preprocessor)
scanner-sliding-scale-factor option (flow-portscan preprocessor)
scanner-sliding-threshold option (flow-portscan preprocessor)
scanner-sliding-window option (flow-portscan preprocessor)
scanning machines on your network
schema table
scoreboard-memcap-scanner option (flow-portscan preprocessor)
scoreboard-memcap-talker option (flow-portscan preprocessor)
scoreboard-rows-scanner option (flow-portscan preprocessor)
scoreboard-rows-talker option (flow-portscan preprocessor)
Scoreboards component (flow-portscan preprocessor)
scrambling networks
script kiddies
sdrop rule action
secure certificates
SecurityFocus
SecurityFocus IDS Page
self-inflicted denial-of-service
self-test mode, starting Snort in
sensor table
sensors
administration problems
configuring interfaces
managing Snort
[See IDS management]
placement
creating connection points
prioritizing systems and networks to watch
placing
securing
applying patches and updates
choosing operating system
monitoring system logs
robust authentication
seq: rule option
Server statistics tracker component (flow-portscan preprocessor)
server-ignore-limit option (flow-portscan preprocessor)
server-learning-time option (flow-portscan preprocessor)
server-memcap option (flow-portscan preprocessor)
server-rows option (flow-portscan preprocessor)
server-scanner-limit option (flow-portscan preprocessor)
server-watchnet option (flow-portscan preprocessor)
serveronly option (stream4_reassemble preprocessor)
ServerSignature setting
service scans, detecting
services, disabling
session interception
IPS identification
Snort running as interceptor
session: rule option
set_gid: option (snort.conf)
set_uid: option (snort.conf)
Sguil
sguil
sguil server database
sending log information to (barnyard.conf)
shaft
shellcode in the packet payload, detecting
shellcode.rules
SHELLCODE_PORTS variable (snort.conf)
show_year option (snort.conf)
sid: rule option
sig_class table
sig_id parameter
sig_reference table
signature table
signature-based IDS versus antivirus software
signatures
attempted-recon
automatic updates
disabling high-noise
faulty
of known exploits
Snort and
updating
skiphosts option (snortsam.conf)
skipinterval option (snortsam.conf)
smart cards
SMTP (Simple Mail Transfer Protocol)
SMTP email service, detecting attacks to
smtp.rules
SMTP_SERVERS variable (snort.conf)
sniff trace, directing to logfile
SniffDet
sniffer
sniffer mode for Snort
sniffer-mode output
sniffing
turning off promiscuous mode
SNMP traffic, detecting
snmp.rules
SNMP_SERVERS variable (snort.conf)
SNMPwalk
Snort
as NIDS solution
database schema
deploying
[See deploying Snort]
installing
[See installing Snort]
overview
reasons to use
using more effectively
Snort Inline Patch
Snort newsgroup
Snort's homepage
snort-sigs mailing list
2nd
snort.conf file
2nd
command-line options
default settings for
default variables
designating multiple ports
designating single port
editing in SnortCenter
editing with SnortCenter
initial configuration
type of alert wanted
network and configuration variables
preprocessors
[See preprocessor configuration]
RULE_PATH variable
sections
Snort decoder and detection engine
specifying a single address
specifying multiple addresses
variables to define servers running services that have specific rules
SnortCenter
2nd
3rd
4th
adding new rules
adding sensors to console
Admin drop-down menu
automatic updates
browsing console
editing custom rules
installing agent
installing console
prerequisites
logging in and surveying layout
management console
features
managing false positive and false negative alerts
managing tasks
Output Plugins selection
Resources link
creating a new rule
Sensor Configuration menu
Edit tool
Output Plugin Selection
Preprocessor Selection drop-down menu
Rule Category Overview link
Rule Policy Templates section
Rules Selection drop-down menu
Variable Selection drop-down menu
Sensor Console button
trickiest part
updating rules and signatures
snortdb-extra.gz file
SnortReport
2nd
SnortSAM
2nd
3rd
downloading
installing
output plug-in
patching Snort to enable support for
starting
snortsam.conf file options
accept
daemon
defaultkey
dontblock
include
ipchains
iptables
logfile
loglevel
pix
port
rollbackhosts
rollbacksleeptime
rollbackthreshold
skiphosts
skipinterval
SnortSnarf
2nd
Snot
2nd
SoBig worm
software download resources
software version-mapping
Solaris 9 installation guide
Source IP field (rule headers)
Source Port field (rule headers)
source routing
Sourcefire
2nd
Management Console
SPAN port (Cisco)
SPAN ports
spanning multiple ports into single monitor port
SQL Server database servers, detecting attacks to
SQL Server, disabling rule set
SQL Slammer worm
sql.rules
SQL_SERVERS variable (snort.conf)
src-ignore-net option (flow-portscan preprocessor)
SSH (Secure Shell)
SSL Accelerator
SSL proxies
2nd
sslproxy
Stacheldraht rules
stacks (TCP/IP)
Staniford, Stuart
stateless; rule option
stats_interval option (flow preprocessor)
stealth interface
Steele, Michael E.
Stick
2nd
stopping Snort
stream4 preprocessor
2nd
stream4_reassemble preprocessor
configuring
stress-testing IDS machines
subversion
Sullo
suppression rules
2nd
syntax
switches
Cisco
configured to span several ports
enterprise-class
listing
SYN (synchronize sequence numbers) packet
SYN FIN scan attempt
synchronize sequence numbers (SYN) packet
syslog server, sending alerts to
system configuration errors
|
