Snort mailing list archives

Rule Selection

From: Rudi Starcevic <tech () wildcash com>
Date: Thu, 10 Feb 2005 10:30:17 -0800

Hi,

A colleague of mine suggested to me that a machine with only port 80open ( www server ) one should only use www Snort rules.That would mean not using alot of available rules for intrusiondetection, is that wise ?


Thanks
Best regards
Rudi




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Rule Selection Rudi Starcevic (Feb 09)
- Re: Rule Selection Alex Butcher, ISC/ISYS (Feb 10)
- Re: Rule Selection Jose Maria Lopez (Feb 10)
- RE: Rule Selection Adam Kliarsky (Feb 21)
- <Possible follow-ups>
- RE: Rule Selection Miner, Jonathan W (CSC) (US SSA) (Feb 10)
  - Re: Rule Selection Rudi Starcevic (Feb 10)
    - Re: Rule Selection Matt Kettler (Feb 10)
    - Re: Rule Selection Alex Butcher, ISC/ISYS (Feb 11)