Re: REVIEW: "Intrusion Detection with Snort", Rafeeq Ur Rehman

Rob Slade, doting grandpa of Ryan and Trevor wrote:

> BKIDWSAI.RVW   20030902
> 
> "Intrusion Detection with Snort", Rafeeq Ur Rehman, 2003,
> 0-13-140733-3, U$39.99/C$62.99
> %A   Rafeeq Ur Rehman
> %C   One Lake St., Upper Saddle River, NJ   07458
> %D   2003
> %G   0-13-140733-3
> %I   Prentice Hall
> %O   U$39.99/C$62.99 +1-201-236-7139 fax: +1-201-236-7131
> %O  http://www.amazon.com/exec/obidos/ASIN/0131407333/robsladesinterne
>   http://www.amazon.co.uk/exec/obidos/ASIN/0131407333/robsladesinte-21
> %O   http://www.amazon.ca/exec/obidos/ASIN/0131407333/robsladesin03-20
> %P   263 p.
> %T   "Intrusion Detection with Snort"
> 
> Chapter one is a very simple introduction to intrusion detection and
> Snort.  Beginning with a brief look at topology, chapter two runs
> through an installation of Snort, but does not provide much in the way
> of explanation or recommendation at the various points.  The coverage
> of Snort rule creation and syntax, in chapter three, is clear and
> reasonable, but could use more examples of malicious packets and how
> they might be identified.  Chapter four does explain some exploit
> rules, in discussing preprocessors, but briefly, and then goes on to
> output options.  Chapters five, six, and seven describe MySQL, ACID
> (Analysis Console for Intrusion Databases), and other tools for using
> Snort in conjunction with collected information.
> 
> This is a decent printed documentation for the system, but not much
> more.
> 
> copyright Robert M. Slade, 2003   BKIDWSAI.RVW   20030902
> 

You don't need all that to understand Snort/IDS. Install it and READ THE MAN
FILES!!