if NASA reads my blog, you should too!

October 17th, 2007

Looking through last month’s logs, I noticed an entry from a Google search that made me giggle like a little schoolgirl.

198.116.xx.xx - - [09/Oct/2007:14:55:56 -0600] "GET /09-17-2007/behind-the-scenes-with-snort-part-2/ HTTP/1.1" 200 6712 "http://www.google.com/search?q=waldo.file&hl=en&start=20&sa=N" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"

I obfuscated the IP for obvious reasons, but suffice to say a traceroute of the IP reveals:

14 border.hcn.hq.nasa.gov (198.116.xx.xx) 87.622 ms 84.963 ms 84.978 ms

I know, I know .. who cares, right? It’s just a random person at a random place googling for something random. In this specific case, however, it’s someone from NASA, searching for specific information about snort/barnyard. I don’t know why it’s important to me, but having someone from an agency that is primarily run by geeks and nerds find my site possibly useful makes me all warm inside. (Hopefully that didn’t make you vomit inside your mouth.)

apple: 172 – acer: 1

October 14th, 2007

applevsacer

global rule changes with oinkmaster

October 9th, 2007

For those of you who have upgraded to Snort 2.8.0, I have a quick tip for you. If you hadn’t heard yet, Snort no longer supports the use of the dsize directive within snort rules. Thankfully, the existing rules that use this directive don’t cause Snort to crash. However, as we all know, the fewer rules Snort has to process, the better it performs. So how do you disable all the rules that use dsize?

It’s really simpler than you might think.


oink oink .. bitch!

October 7th, 2007
snortcertified

two down, one to go

October 6th, 2007

It’s all down there …..


one down, two to go

October 5th, 2007
One stinking question. I missed one … grrr. Either way, this is just the first part of the Snort Certified Professional course. I still have to tackle the Snort Rules course, and its final exam. Then I get to take the real deal Snort CP test. I will cover the rules course tomorrow while I’m at work .. not sure when I will do the big test though. Suffice to say, I’m off to a good start.


holy packet sniffing batman!

October 4th, 2007

My request for the Sourcefire Snort Certified Professional courses/exam, that I posted about earlier, was finally approved, bathed in red tape and finally completed. I received my login information for the courses and certification exam (through vcampus.com). I nervously logged in expecting to see that the account had been created weeks ago, and that I was not going to get the full sixty days; but to my surprise, it was created today! I decided to set up my profile on the vcampus site first, and to my surprise you can change every aspect of your account, including user name. Being as the original user name and password were sent to me in clear text, being able to change them both securely rocks.

I have not as of yet dived into the course material; I must admit, I’m a little nervous about it. This is the first certification test that I feel like I am actually going to have to work for. So I am thankful to be able to get the full sixty day period to access the materials.

Extended personal spewing …
