Snort mailing list archives

Re: Eliminating rulesets

From: Jeff Elkins <jeff () elkins org>
Date: Sat, 9 Feb 2002 19:26:41 -0500

Thanks.

I'll research invert before I repost. Wouldn't want to make someone drink an 
extra beer :)

Jeff


On Saturday 09 February 2002 06:08 pm, you wrote:

On Sat, Feb 09, 2002 at 01:42:42PM -0500, Jeff Elkins wrote:

I'm not trying to promote alcohol usage, but I have a newbie question:

I'm evaluating Snort on a Linux DSL/firewall box that also serves as a
mail server and webserver (Sendmail/Apache).  The boxen inside the
firewall are all Linux as well. I've commented out the Microsoft-specific
rulesets (IIS,Frontpage and Cold Fusion). Other than statistics
gathering, is there any reason I'd want them applied?


You might want to invert them.

I was getting a _bunch_ of IIS alerts before I turned them off, btw.

Thanks,

Jeff Elkins





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Eliminating rulesets Jeff Elkins (Feb 09)
- Sid ? Warrick FitzGerald (Feb 09)
  - Re: Sid ? Ryan Russell (Feb 09)
    - Re: Sid ? Warrick FitzGerald (Feb 09)
    - Re: Sid ? Warrick FitzGerald (Feb 09)
    - Re: Sid ? Tony Scalzitti (Feb 09)
- Re: Eliminating rulesets Phil Wood (Feb 09)
  - Re: Eliminating rulesets Jeff Elkins (Feb 09)
    - Re: Eliminating rulesets Phil Wood (Feb 09)
    - Re: Eliminating rulesets Jeff Elkins (Feb 09)