Snort mailing list archives

Re: snort 1.7 vs snort 1.8p1 less info.. why?


From: "alexus" <ml () db nexgen com>
Date: Thu, 26 Jul 2001 16:17:30 -0400

Hello Brian

thank you for responding to me

Would you please tell me where and how I could enable them?

thank you in advance

----- Original Message ----- 
From: "Brian Caswell" <bmc () mitre org>
To: "alexus" <ml () db nexgen com>
Cc: <snort-users () lists sourceforge net>
Sent: Thursday, July 26, 2001 2:35 PM
Subject: Re: [Snort-users] snort 1.7 vs snort 1.8p1 less info.. why?


alexus wrote:
> when I was using snort 1.7
>
> I used to get a lot of info even when I start pinging host or when host
> pinged me
>
> I installed 1.8p1 and I don't get any of this info..
>
> any ideas why?

Many of the rules are not enabled by default ON PURPOSE.

Information rules, Shell code (NOOP string match rules), Policy rules
(IRC and napster usage style rules),  icmp info (ping, traceroute type
rules), and virus rules are NOT enabled by default.

The rules are still distributed with snort, and for the most part,
still maintained.  

If you want to see these alerts just turn them on.  Just be forewarned
that you will suffer a performance hit.  You will see a huge increase
in the number of alerts generated.

-- 
Brian Caswell
The MITRE Corporation
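
Added example, not part of the original messages and not code from the Snort project: a small Python audit that reports which rule files a snort.conf leaves commented out and re-enables a chosen one. It assumes rule sets are switched on with `include <file>.rules` lines and off by commenting those lines out; the file names in the sample are assumptions based on the categories named above, and the sample configuration is constructed.

```python
import re

# An active or commented-out include of a .rules file, with an optional
# directory or $VARIABLE/ prefix in front of the file name.
INCLUDE_RE = re.compile(r'^(?P<off>\s*#\s*)?include\s+(?P<path>\S+\.rules)\s*$')

def rule_includes(conf_text):
    """Return {rules file name: True if enabled} for every include line."""
    state = {}
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m:
            name = m.group('path').rsplit('/', 1)[-1]
            state[name] = m.group('off') is None
    return state

def enable(conf_text, wanted):
    """Uncomment only the include lines whose file name is in `wanted`."""
    out = []
    for line in conf_text.splitlines():
        m = INCLUDE_RE.match(line)
        if m and m.group('off') and m.group('path').rsplit('/', 1)[-1] in wanted:
            line = 'include ' + m.group('path')
        out.append(line)
    return '\n'.join(out) + '\n'

# Constructed sample, not a real snort.conf; file names are assumed.
SAMPLE_CONF = """\
# Rule sets
include exploit.rules
include scan.rules
# include info.rules
# include icmp-info.rules
#include shellcode.rules
# include policy.rules
# include virus.rules
# see README for details on include files
"""

if __name__ == '__main__':
    before = rule_includes(SAMPLE_CONF)
    print('disabled:', sorted(n for n, on in before.items() if not on))
    # Turn on one category at a time so the extra alert volume is measurable.
    print(enable(SAMPLE_CONF, {'icmp-info.rules'}), end='')
```
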


