
39 of 41 people found the following review helpful
"Snort 2.0" offers content not found in other books on Snort, such as Tim Crothers' more generic "Implementing IDS" (4 stars) and Rafeeq Rehman's "Intrusion Detection with Snort." (3 stars) I've read the best IDS books, and used IDS technology, since 1998, and "Snort 2.0" is the first to give real insight into an IDS' inner workings. Thanks to the technical knowledge of the author team, "Snort 2.0" earns the reader's appreciation by explaining how and why the open source Snort IDS works its magic.

"Snort 2.0" starts well with a short history of Marty Roesch's favorite project, followed by solid explanations of the key elements of Snort's architecture in ch. 2. The actual workings of the Snort code are expanded upon in ch. 4 (modes), 5 (rules), and 6 (packet handling and preprocessors). One could read these sections and get a real sense of how the stream4 preprocessor works, for example. These sections are augmented by helpful tangents on compiling source code (ch. 3) and updates via CVS (ch. 9). This attention to detail and desire to include related information demonstrates a high level of commitment to the reader's education.

"Snort 2.0" has several technical errors or typos which prevented me from giving a 5-star review. p. 110's diagram of a TCP session should say "SYN, SYN-ACK, ACK", not "SYN, ACK, SYN-ACK". Later on that page, the author claims "The server replies with a SYN/ACK if the port is open, and a SYN/RST if the port is not listening." The correct closed response is "RST/ACK". p. 203 implies one can scan for open ports with the ACK flag set to evade stateless packet filters. This is wrong, as scanning with the ACK flag set only helps host discovery. I found the reprinting of multiple pages of C code unnecessary. I also wished the sections on building preprocessors had started from scratch, rather than explain an existing preprocessor.

Overall, I found "Snort 2.0" enlightening. The authors have a powerful understanding of the workings of Snort, and apply it in novel ways. "Policy-based IDS" in ch. 12 is one example, while the "rule categorization" chart in ch. 10 is another. Only the Wiley "Deploying Snort 2.0" book, due this fall, has a chance to displace "Snort 2.0" in the Snort-focused IDS book arena.
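As an added illustration (not from the book or the reviewer above) of the handshake correction in that review, here is a toy stateful TCP session tracker in the spirit of Snort's stream4 preprocessor: it only reaches ESTABLISHED on the correct SYN, SYN-ACK, ACK order, records a closed port's RST/ACK reply, and creates no session for a lone ACK. Hosts, ports and packets are constructed sample values; this is a simplified model, not Snort's code.

```python
# Toy stateful TCP session tracker (simplified model, not Snort's own
# stream4 code). TCP flag bits as found in the TCP header.
from dataclasses import dataclass

SYN, ACK, RST, FIN = 0x02, 0x10, 0x04, 0x01


@dataclass
class Packet:
    src: str    # "host:port" of the sender (constructed sample values)
    dst: str
    flags: int


@dataclass
class Session:
    client: str
    server: str
    state: str = "NEW"


def track(packets):
    """Feed packets in order; return the final session state."""
    sess = None
    for p in packets:
        if sess is None:
            # Only a bare SYN from the client opens a tracked session.
            # A lone ACK with no session is ignored by a stateful engine.
            if p.flags == SYN:
                sess = Session(p.src, p.dst, "SYN_SENT")
            continue
        from_server = p.src == sess.server
        if sess.state == "SYN_SENT" and from_server:
            if p.flags == SYN | ACK:
                sess.state = "SYN_RECEIVED"   # open port: SYN/ACK reply
            elif p.flags & RST:
                sess.state = "CLOSED"         # closed port: RST/ACK reply
        elif sess.state == "SYN_RECEIVED" and not from_server and p.flags == ACK:
            sess.state = "ESTABLISHED"        # third step: client's ACK
        elif p.flags & RST:
            sess.state = "CLOSED"
    return sess.state if sess else "NO_SESSION"
```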
8 of 9 people found the following review helpful
on May 13, 2003
I've been using Snort for some time. I really like it, but I've always found it a little difficult to keep up with all of the features and everything. If you spend a lot of time on the snort.org site and on the mail lists you can learn a lot from everybody. But I don't always have the time to monitor the list or go through the archives. It is great now having everything I need to know in one book. Brian Caswell is the guy who makes all of the releases and keeps everything on the site maintained and he definitely knows his stuff.
16 of 20 people found the following review helpful
on October 29, 2003
The technical content is ok, but I am extremely tired of reading books that contain so many grammatical mistakes that one gets irritated every time a page is turned. This publisher is notorious for this and emails I wrote to them were not answered. This is just not acceptable for an expensive book. Don't they have proofreaders?
7 of 8 people found the following review helpful
on April 9, 2004
I've been running Snort since the earliest versions and spend a lot of time on the mail lists, working through problems with other users, etc. I got this book about 6 months ago, read it all the way through, and since then have been referring to it whenever I've had questions or problems with Snort. I was initially going to post a review after my initial reading, but wanted to see if I experienced any buyer's remorse after putting the book through its paces a little bit more. Well, it's half a year later and I'm more impressed with it now than after my initial read. Every time I've had a question, I've found an answer in this book. I'm not quite sure what web site the reader from Maryland is visiting (it's certainly not the Snort site) where he found information anything like the Preprocessors chapter in this book. That chapter was obviously the result of some serious, independent research.
12 of 15 people found the following review helpful
on July 9, 2003
I recommend this book but ... there are numerous (sometimes confusing) copy-editing errors and the things I'm most interested in (using ACID, using unified logs and using ACID with unified logs) are the most confusing. Given the length (500 pages) I'm surprised at certain omissions and puzzled why 20 pages are wasted on a program listing (the book comes with a comprehensive CD which includes the book in PDF format).
11 of 14 people found the following review helpful
on June 25, 2003
Snorty the pig has long needed a trustworthy manual; the free one on snort.org is good, but this book is great. Congratulations to the very knowledgeable author and reviewer team! Thank you for sparing a rehash of how TCP works or a general survey of intrusion detection, focusing on what matters and sharing your hard-earned Snort wisdom with us!
This is a book about Snort, not about intrusion detection. You learn about all the parts of Snort, how to write a rule and tons and tons of auxiliary tools. Would I recommend this book to someone already running Snort? Yes! Would I recommend this book to someone considering deploying an IDS? Heck yes! In fact, if you attempt to deploy Snort on a production network without reading this book you should be instantly teleported out of your organization and into the "welcome to Walmart" greeter position at the nearest big-box store of the world's largest corporation.
The book is laid out in the typical readable, user-friendly, Syngress fashion including the FAQ at the end of the chapter. I like that.
I have two very minor complaints (this is really 4.99999 stars instead of 5). The multiple pages of code without explanation in the back of the book should have been omitted or heavily commented. And I do not think sending the CD-ROM with the book was a good idea; Snort gets updated every couple of weeks and the authors themselves "strongly recommend" getting the latest code from snort.org on page 75.
Well worth the money, if you are even thinking about running an IDS, especially Snort, get the book now!
9 of 12 people found the following review helpful
on April 8, 2004
First of all, this book has way too many grammar mistakes. Secondly, go to the snort web site and download their PDF documents because they are free. I compared the snort documentation against this book and it is almost exactly the same. So they knew how to take snort's PDF and make it into a book. I will give them credit for that. I expected a lot more than what I had already read on snort's website.
There were a few errors on setting up ACID, but having read snort's documentation already, it was easily figured out. Too bad I can't get my money back because if I knew it was this bad, I would have never bought it.
13 of 18 people found the following review helpful
on June 3, 2003
I teach a graduate level course on Intrusion Detection. The core textbook is long on security concepts, network topographies, and is about 900 pages. It's long on theory and short on specifics---even shorter on actual tools and products.
This book has proven to be a breath of fresh air. It provides detailed product specifics and is a reliable roadmap to actually rolling out an IDS. And I really appreciate the CD with Snort and the other IDS utilities.
The author team is well connected with Snort.org and they obviously had carte blanche in writing this book. I've looked at the other books that have just come out and notice that (1) they are shorter and have much less information on the actual system administration of Snort and (2) they don't include software.
16 of 23 people found the following review helpful
on June 5, 2003
This is a feature link from Snort.org for good reason. First, Brian Caswell knows more about Snort than anyone on the planet and it shows here. Secondly, the book is over 500 pages long, and is full of configuration examples. It is the ONE Snort book you need if you're actually running a corporate IDS. It's also the only book out there that includes Snort on CD (as well as ACID, BARNYARD AND SWATCH). Some of the other books are long on theory and short on substance---not this one.
This pig flies. Highly recommended.
7 of 10 people found the following review helpful
on May 7, 2003
I have been a diehard Snort user and member of the community since day one. Snort is awesome and there are so many incredibly talented people involved with it. I always wished that there was a book that documented everything, and gave lots of very cool information on all of the inner workings. I was psyched when I heard this book was being written, and I ordered it before it came out. I got mine on Friday and spent the weekend reading it. Considering the guys (and gal!) who wrote it, I shouldn't be surprised that the book rocks. Everything you ever wanted to know about Snort is in there. And, you know you are getting it from the Pig's mouth--er, or Snout ;)