| [SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Y] [Z] Sam Spade 2nd sameip; rule option SANS 2nd 3rd SANS Institute Sans TCP/IP Guide Sarbannes-Oxley scan.rules scanner-fixed-threshold option (flow-portscan preprocessor) scanner-fixed-window option (flow-portscan preprocessor) scanner-sliding-scale-factor option (flow-portscan preprocessor) scanner-sliding-threshold option (flow-portscan preprocessor) scanner-sliding-window option (flow-portscan preprocessor) scanning machines on your network schema table scoreboard-memcap-scanner option (flow-portscan preprocessor) scoreboard-memcap-talker option (flow-portscan preprocessor) scoreboard-rows-scanner option (flow-portscan preprocessor) scoreboard-rows-talker option (flow-portscan preprocessor) Scoreboards component (flow-portscan preprocessor) scrambling networks script kiddies sdrop rule action secure certificates SecurityFocus SecurityFocus IDS Page self-inflicted denial-of-service self-test mode, starting Snort in sensor table sensors administration problems configuring interfaces managing Snort [See IDS management] placement creating connection points prioritizing systems and networks to watch placing securing applying patches and updates choosing operating system monitoring system logs robust authentication seq: rule option Server statistics tracker component (flow-portscan preprocessor) server-ignore-limit option (flow-portscan preprocessor) server-learning-time option (flow-portscan preprocessor) server-memcap option (flow-portscan preprocessor) server-rows option (flow-portscan preprocessor) server-scanner-limit option (flow-portscan preprocessor) server-watchnet option (flow-portscan preprocessor) serveronly option (stream4_reassemble preprocessor) ServerSignature setting service scans, detecting services, disabling session interception IPS identification Snort running as interceptor session: rule option set_gid: option (snort.conf) set_uid: option (snort.conf) Sguil sguil sguil server database sending log information to (barnyard.conf) shaft shellcode in the packet payload, detecting shellcode.rules SHELLCODE_PORTS variable (snort.conf) show_year option (snort.conf) sid: rule option sig_class table sig_id parameter sig_reference table signature table signature-based IDS versus antivirus software signatures attempted-recon automatic updates disabling high-noise faulty of known exploits Snort and updating skiphosts option (snortsam.conf) skipinterval option (snortsam.conf) smart cards SMTP (Simple Mail Transfer Protocol) SMTP email service, detecting attacks to smtp.rules SMTP_SERVERS variable (snort.conf) sniff trace, directing to logfile SniffDet sniffer sniffer mode for Snort sniffer-mode output sniffing turning off promiscuous mode SNMP traffic, detecting snmp.rules SNMP_SERVERS variable (snort.conf) SNMPwalk Snort as NIDS solution database schema deploying [See deploying Snort] installing [See installing Snort] overview reasons to use using more effectively Snort Inline Patch Snort newsgroup Snort's homepage snort-sigs mailing list 2nd snort.conf file 2nd command-line options default settings for default variables designating multiple ports designating single port editing in SnortCenter editing with SnortCenter initial configuration type of alert wanted network and configuration variables preprocessors [See preprocessor configuration] RULE_PATH variable sections Snort decoder and detection engine specifying a single address specifying multiple addresses variables to define servers running services that have specific rules SnortCenter 2nd 3rd 4th adding new rules adding sensors to console Admin drop-down menu automatic updates browsing console editing custom rules installing agent installing console prerequisites logging in and surveying layout management console features managing false positive and false negative alerts managing tasks Output Plugins selection Resources link creating a new rule Sensor Configuration menu Edit tool Output Plugin Selection Preprocessor Selection drop-down menu Rule Category Overview link Rule Policy Templates section Rules Selection drop-down menu Variable Selection drop-down menu Sensor Console button trickiest part updating rules and signatures snortdb-extra.gz file SnortReport 2nd SnortSAM 2nd 3rd downloading installing output plug-in patching Snort to enable support for starting snortsam.conf file options accept daemon defaultkey dontblock include ipchains iptables logfile loglevel pix port rollbackhosts rollbacksleeptime rollbackthreshold skiphosts skipinterval SnortSnarf 2nd Snot 2nd SoBig worm software download resources software version-mapping Solaris 9 installation guide Source IP field (rule headers) Source Port field (rule headers) source routing Sourcefire 2nd Management Console SPAN port (Cisco) SPAN ports spanning multiple ports into single monitor port SQL Server database servers, detecting attacks to SQL Server, disabling rule set SQL Slammer worm sql.rules SQL_SERVERS variable (snort.conf) src-ignore-net option (flow-portscan preprocessor) SSH (Secure Shell) SSL Accelerator SSL proxies 2nd sslproxy Stacheldraht rules stacks (TCP/IP) Staniford, Stuart stateless; rule option stats_interval option (flow preprocessor) stealth interface Steele, Michael E. Stick 2nd stopping Snort stream4 preprocessor 2nd stream4_reassemble preprocessor configuring stress-testing IDS machines subversion Sullo suppression rules 2nd syntax switches Cisco configured to span several ports enterprise-class listing SYN (synchronize sequence numbers) packet SYN FIN scan attempt synchronize sequence numbers (SYN) packet syslog server, sending alerts to system configuration errors |