Snort mailing list archives
Configuration of snort for internal LAN
From: Phil Petruzzo <phil.petruzzo () mirant com>
Date: Wed, 31 Jul 2002 10:11:31 -0600
Hi, I've recently installed snort/mysql systems on my corporate LAN and was wondering if anyone knew of a good document for configuring rules and such for this type of environment. Using the default rules on an internal LAN creates many many false positives, leading me to disable many rules. If anyone has suggestions/documents of best practices for internal sensor placement that would be great. Eventually I will be placing a snort sensor in my DMZ which should be configured closer to the default set of rules, which should be easier to do. Thanks for you help. Phil
Current thread:
- Configuration of snort for internal LAN Phil Petruzzo (Jul 31)