http://www.experts-exchange.com/Security/Misc/Q_21497259.html
http://www.experts-exchange.com/Security/Misc/Q_21060548.html
http://www.experts-exchange.com/Networking/Misc/Q_21028459.html
Snort GUI policy manager:
http://www.activeworx.org/Default.aspx?tabid=55
http://www.engagesecurity.com/products/idscenter/
--> http://www.engagesecurity.com/downloads/#idscenter
--> page not found
http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1029097
LiveISO:
http://www.networksecuritytoolkit.org/nst/index.html
network monitor:
http://www.ntop.org/overview.html
read:
http://www.securityfocus.com/infocus/1558
eventlog monitoring:
http://www.intersectalliance.com/projects/SnareWindows/
http://www.kiwisyslog.com/kb/idx/0/012/article/
Snort video
http://www.youtube.com/watch?v=nAWN989WA0A
How to create a snort rule
http://www.youtube.com/watch?v=BZCwyjfz5x4
Packetyzer dlls
http://www.paglo.com/opensource/packetyzer
Snort download
http://www.snort.org/dl/binaries/win32/
Snort register
https://www.snort.org/pub-bin/register.cgi
copy the rules, copy snort.conf to etc
C:\Snort\bin>snort -W
   ,,_     -*> Snort! <*-
  o"  )~   Version 2.8.2.1-ODBC-MySQL-FlexRESP-WIN32 GRE (Build 16)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/team.html
           (C) Copyright 1998-2008 Sourcefire Inc., et al.
           Using PCRE version: 7.4 2007-09-21
Interface Device Description
-------------------------------------------
1 \Device\NPF_{EF9E1507-79A9-489A-AF2D-2168FF49AFC8} (NET IP/1394 Miniport)
2 \Device\NPF_{E0DFC9C8-BBE2-4713-A409-8CB0F5DD8C72} (Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler) )
C:\Snort\bin>snort -dev -i 2
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
Var '_ADDRESS' redefined
snort windows email alerts
http://www.snort.org/archive-7-1003.html
C:\Snort\bin>snort -c c:\snort\etc\snort.conf -l c:\snort\log -i 2
Running in IDS mode
Log parser 2.2 from Microsoft