RE: request for new Classification?

[Rich Adamson <radamson () routers com>]

Yes, I know. But to further advance snort, it would seem to be
appropriate to add other classifications for the entire community.

------------------------
> Do you do know you can edit the classification.config file yourself?
>
> J
>
> -----Original Message-----
> What's the proper way to request new Classification strings for the
> classification.config file?
>
> Would like to see something that describes 'very serious activity' that
> needs to be escalated and resolved ASAP. For example, while sniffing
> traffic on a DMZ where only https should reside, I'd like to alert on
> ftp, telnet, or other rather generic protocols that should _never_ occur
> (could be inbound or outbound).
>
> On the backend of the alerting process, I'd like to initiate pager 
> alerts based on keywords, etc. Fully understand the keywords can be part
> of the Msg, but none of the Classifications suggest anything as serious
> as what might be happening.
>
> Thoughts?
>
> Rich




-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users