Snort mailing list archives
Re: New to writing Snort Rules. Help writing a rule?
From: evejou <girl () techn0ev3 net>
Date: Sat, 19 May 2012 07:30:28 -0400
Hi Tyler, I think what you're looking for is how to whitelist IPs: http://manual.snort.org/node17.html#SECTION003219000000000000000 According to this entry here, you really don't want to use signatures to white/blacklist stuff: http://vrt-blog.snort.org/2012/04/snort-performance-and-ip-only-rules.html -evejou On Fri, May 18, 2012 at 4:18 PM, Tyler MacPherson <tah338 () sr unh edu> wrote:
Hi, I recently put Snort on a system for my work. I'm trying to configure it by writing certain rules, but since I'm brand new to Snort, I'm having some trouble figuring out how to write these rules. Basically, the system I'm deploying Snort on should only be receiving traffic through two avenues: a MySQL database and Oracle database that are linked to it. Everything else should be picked up Snort as potentially being bad. What I'm wondering is, how would I go about writing rules that would achieve this goal? Thank you. -- Tyler MacPherson Student Operator UNH Research Computing Center (603) 862-4518 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
-- "We who cut mere stones must always be envisioning cathedrals." -- Quarry worker's creed. (The Pragmatic Programmer, by Andrew Hunt and David Thomas.)
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- New to writing Snort Rules. Help writing a rule? Tyler MacPherson (May 18)
- Re: New to writing Snort Rules. Help writing a rule? Balasubramaniam Natarajan (May 18)
- Re: New to writing Snort Rules. Help writing a rule? evejou (May 19)
- Re: New to writing Snort Rules. Help writing a rule? Joel Esler (May 20)