Snort mailing list archives
Rule Selection
From: Rudi Starcevic <tech () wildcash com>
Date: Thu, 10 Feb 2005 10:30:17 -0800
Hi,A colleague of mine suggested to me that a machine with only port 80 open ( www server ) one should only use www Snort rules. That would mean not using alot of available rules for intrusion detection, is that wise ?
Thanks Best regards Rudi ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Rule Selection Rudi Starcevic (Feb 09)
- Re: Rule Selection Alex Butcher, ISC/ISYS (Feb 10)
- Re: Rule Selection Jose Maria Lopez (Feb 10)
- RE: Rule Selection Adam Kliarsky (Feb 21)
- <Possible follow-ups>
- RE: Rule Selection Miner, Jonathan W (CSC) (US SSA) (Feb 10)
- Re: Rule Selection Rudi Starcevic (Feb 10)
- Re: Rule Selection Matt Kettler (Feb 10)
- Re: Rule Selection Alex Butcher, ISC/ISYS (Feb 11)
- Re: Rule Selection Rudi Starcevic (Feb 10)