Snort mailing list archives
Re: How to tune two rules?
From: Joel Esler <jesler () sourcefire com>
Date: Thu, 8 Aug 2013 13:01:53 -0400
On Thu, Aug 08, 2013 at 01:31:02PM +0000, Turnbough, Bradley E. wrote:
Guys, I'm pretty new at using snort, and I'm trying to tune two rules. Can someone please tell me how to tune these two rules? gen_id 124, sig_id 7 -- smtp: Attempted header name buffer overflow gen_id 124, sig_id 1 -- smtp: Attempted command buffer overflow
I'd probably put in suppression statements for these initially. Look into your threshold.conf for those. ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- How to tune two rules? Turnbough, Bradley E. (Aug 08)
- Re: How to tune two rules? Joel Esler (Aug 08)
- Re: How to tune two rules? waldo kitty (Aug 08)