Snort mailing list archives

Re: Windows so rules


From: JJ Cummings <cummingsj () gmail com>
Date: Thu, 11 Jun 2009 11:37:57 -0600

I would suggest looking at the stub files within the rules tarball to see
what types of detection you are not getting, then determining how
important those are to you.

A simple example would be Conficker... there are several SO rules to detect
Conficker-esque activity...

JJC

On Thu, Jun 11, 2009 at 10:21 AM, John York <YorkJ () brcc edu> wrote:

Is there support for the SO rules on Windows?  (I found an old FAQ that
said there was not, but that was in Google cache and didn't make it to the
new snort.org site.)  How badly is the Snort VRT subscription rule set
crippled if SO rules aren't active?
Thanks
John


------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
