Snort mailing list archives
RE: 3 questions on rules
From: Erek Adams <erek () snort org>
Date: Thu, 15 May 2003 16:03:34 -0400 (EDT)
On Thu, 15 May 2003, Garrett.Allen () ser com wrote:
thanks for your quick and insightful reply.
No problem.
an add on question, if i may. regarding the "p2p gnutella get", isn't gnutella is a file share community. so this would be a potential means of information sharing that may or may not be permissable, based on corporate security policies. hence the attack rule?
Right. The policy.rules file has quite a few rules that _might_ be against corporate policy. You have to look at them and decide what you want. If you'll check the archives [0], you'll come across quite a few messages that discuss p2p systems and their abuse. IIRC, one person mentioned they were able to reduce current bandwidth usage by about 60% in a college dorm situation. Hope that helps! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2 ------------------------------------------------------- Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara The only event dedicated to issues related to Linux enterprise solutions www.enterpriselinuxforum.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- 3 questions on rules Garrett . Allen (May 15)
- Re: 3 questions on rules Erek Adams (May 15)
- Re: 3 questions on rules Brian (May 15)
- Re: 3 questions on rules Erek Adams (May 15)
- Re: 3 questions on rules Brian (May 15)
- <Possible follow-ups>
- RE: 3 questions on rules Garrett . Allen (May 15)
- RE: 3 questions on rules Erek Adams (May 15)
- RE: 3 questions on rules Garrett . Allen (May 15)
- Re: 3 questions on rules Erek Adams (May 15)