Snort mailing list archives
Re: Error trapping signatures ...
From: Erek Adams <erek () snort org>
Date: Sun, 22 Jun 2003 10:11:48 -0400 (EDT)
On Sat, 21 Jun 2003, Jon Baer wrote:
I was trying to rip through the archives to see what opinions existed for things like error trapping and could not find much. I only joined the list not too long ago, but I'm looking to see if there are any downsides to error trapping ...
[...snip...]
I realize a dev box to have them set to pass vs. alert, but is there a downside to having a handful of these types of alerts around?
Actually, check the archives for 'anomaly detection' to get some other ideas about ways to do this. Basically, once you have a "known" network, it doesn't take much to get a set of rules when you see "something that shouldn't be happening". A nice benefit of this is that once this is set up, any changes that are made to the network (rogue server) become pretty obvious.

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson
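
A sketch of the "known network" approach described in the reply, added here as an example and not taken from the post or the Snort project. The addresses (RFC 5737 documentation range), variable names, messages and SIDs are all constructed assumptions, and the syntax is Snort 2.x.

```snort
# Constructed example: a small "known" network with two web servers and one mail server.
var HOME_NET 192.0.2.0/24
var KNOWN_HTTP [192.0.2.10/32,192.0.2.11/32]
var KNOWN_SMTP 192.0.2.25/32

# Known-good services: hosts that are supposed to answer on these ports.
# A SYN+ACK leaving the service port means the host accepted a connection.
# Pass rules only win over alert rules when Snort 2.x is started with -o
# (rule order Pass -> Alert -> Log); otherwise the alerts below also fire
# for the known servers.
pass tcp $KNOWN_HTTP 80 -> any any (flags:SA;)
pass tcp $KNOWN_SMTP 25 -> any any (flags:SA;)

# "Something that shouldn't be happening": any other HOME_NET host
# accepting connections on a service port it is not known to run.
alert tcp $HOME_NET 80 -> any any (msg:"LOCAL unexpected HTTP server in HOME_NET"; flags:SA; sid:1000001; rev:1;)
alert tcp $HOME_NET 25 -> any any (msg:"LOCAL unexpected SMTP server in HOME_NET"; flags:SA; sid:1000002; rev:1;)
```

The same pass-then-alert pair can be repeated per service port; when a server is added on purpose, its address goes into the matching KNOWN_ variable so the alert stays meaningful.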