Snort mailing list archives
request for new Classification?
From: Rich Adamson <radamson () routers com>
Date: Fri, 17 Sep 2004 11:29:13 -0600
What's the proper way to request new Classification strings for the classification.config file? Would like to see something that describes 'very serious activity' that needs to be escalated and resolved ASAP.

For example, while sniffing traffic on a DMZ where only https should reside, I'd like to alert on ftp, telnet, or other rather generic protocols that should _never_ occur (could be inbound or outbound). On the backend of the alerting process, I'd like to initiate pager alerts based on keywords, etc.

Fully understand the keywords can be part of the Msg, but none of the Classifications suggest anything as serious as what might be happening.

Thoughts?

Rich
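An added example, not part of the original post: a sketch of the backend paging step described above, keyed on the classification rather than on keywords in the Msg. It assumes a hypothetical site-local class named `dmz-critical` added to classification.config (and referenced by local rules via `classtype`), alert_fast-style output, and constructed sample alerts with local SIDs and documentation addresses.

```python
import re

# Constructed classification.config content. "dmz-critical" is a hypothetical
# site-local class; the lines use the file's shortname,description,priority form.
CLASSIFICATION_CONFIG = """\
# config classification: shortname,short description,priority
config classification: misc-activity,Misc activity,3
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: dmz-critical,Forbidden protocol in DMZ - escalate now,1
"""

# Constructed alert_fast-style lines (local SIDs, documentation address ranges).
SAMPLE_ALERTS = """\
09/17-11:29:13.104211  [**] [1:1000001:1] DMZ FTP control connection [**] [Classification: Forbidden protocol in DMZ - escalate now] [Priority: 1] {TCP} 192.0.2.10:40312 -> 198.51.100.7:21
09/17-11:29:14.220018  [**] [1:1000002:1] DMZ telnet connection [**] [Classification: Forbidden protocol in DMZ - escalate now] [Priority: 1] {TCP} 198.51.100.7:51544 -> 192.0.2.10:23
09/17-11:30:02.000913  [**] [1:1000003:1] DMZ ICMP echo [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10
"""

CLASS_RE = re.compile(r"^config classification:\s*([^,]+),(.+),\s*(\d+)\s*$")
ALERT_RE = re.compile(
    r"\[\*\*\] \[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"\[Classification: (?P<cls>.*?)\] \[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)")

def load_classifications(text):
    """Map description -> (shortname, priority); alerts log the description."""
    table = {}
    for line in text.splitlines():
        m = CLASS_RE.match(line.strip())
        if m:
            table[m.group(2).strip()] = (m.group(1).strip(), int(m.group(3)))
    return table

def alerts_to_page(alert_text, table, page_classes):
    """Return alerts whose classification shortname is in page_classes."""
    hits = []
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line in the expected format
        shortname, _prio = table.get(m.group("cls"), (None, None))
        if shortname in page_classes:
            hits.append((shortname, m.group("msg"), m.group("src"), m.group("dst")))
    return hits

if __name__ == "__main__":
    table = load_classifications(CLASSIFICATION_CONFIG)
    for hit in alerts_to_page(SAMPLE_ALERTS, table, {"dmz-critical"}):
        print("PAGE:", *hit)
```

Mapping the logged description back to the shortname through classification.config means the pager trigger keeps working if the description text is reworded, as long as the shortname stays the same.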