Snort mailing list archives

request for new Classification?


From: Rich Adamson <radamson () routers com>
Date: Fri, 17 Sep 2004 11:29:13 -0600


What's the proper way to request new Classification strings for the
classification.config file?

Would like to see something that describes 'very serious activity'
that needs to be escalated and resolved ASAP. For example, while
sniffing traffic on a DMZ where only https should reside, I'd like
to alert on ftp, telnet, or other rather generic protocols that should
_never_ occur (could be inbound or outbound).

On the backend of the alerting process, I'd like to initiate pager 
alerts based on keywords, etc. Fully understand the keywords can be
part of the Msg, but none of the Classifications suggest anything
as serious as what might be happening.

Thoughts?

Rich
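
Added example (not part of the original post, and not Snort project code): one way to drive the paging step from a locally defined classification rather than from priority alone, since stock classes already use priority 1. The `dmz-forbidden-protocol` class, the sample alert lines, the SIDs and the function names are assumptions constructed for illustration; the `config classification:` line format and the alert_fast layout are Snort's.

```python
import re

# Constructed classification.config text. "dmz-forbidden-protocol" is a
# hypothetical local class, not one shipped with Snort.
CLASSIFICATION_CONFIG = """\
# config classification: shortname,short description,priority
config classification: attempted-recon,Attempted Information Leak,2
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: dmz-forbidden-protocol,Forbidden protocol in DMZ,1
"""

# Constructed alert_fast lines; addresses are documentation ranges.
ALERTS = [
    "09/17-11:29:13.000000  [**] [1:1000001:1] DMZ policy: FTP seen [**] [Classification: Forbidden protocol in DMZ] [Priority: 1] {TCP} 192.0.2.10:40000 -> 198.51.100.5:21",
    "09/17-11:29:14.000000  [**] [1:1000002:1] DMZ policy: Telnet seen [**] [Classification: Forbidden protocol in DMZ] [Priority: 1] {TCP} 198.51.100.5:40001 -> 192.0.2.77:23",
    "09/17-11:29:15.000000  [**] [1:1000003:1] Chat client login [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 198.51.100.5:40002 -> 192.0.2.80:5190",
    "09/17-11:29:16.000000  [**] [1:1000004:1] Rule without classtype [**] [Priority: 0] {TCP} 198.51.100.5:40003 -> 192.0.2.80:443",
]

CONFIG_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),([^,]+),\s*(\d+)\s*$")
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]"
)

def load_classifications(text):
    """Map each description (what alert_fast prints) to (shortname, priority)."""
    classes = {}
    for line in text.splitlines():
        m = CONFIG_RE.match(line)
        if m:  # comment and blank lines do not match
            short, desc, prio = (g.strip() for g in m.groups())
            classes[desc] = (short, int(prio))
    return classes

def alerts_to_page(alert_lines, classes, page_on):
    """Return (sid, msg, shortname) for alerts whose class is in page_on."""
    hits = []
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if not m or m.group("cls") is None:
            continue  # unparsable line, or a rule with no classtype
        short, _prio = classes.get(m.group("cls").strip(), (None, None))
        if short in page_on:
            hits.append((m.group("sid"), m.group("msg"), short))
    return hits

CLASSES = load_classifications(CLASSIFICATION_CONFIG)
PAGED = alerts_to_page(ALERTS, CLASSES, {"dmz-forbidden-protocol"})
```

The third sample alert also carries priority 1 but is not paged, which is the gap the post describes: priority alone cannot separate "must escalate now" from the existing priority-1 classes.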



