Snort mailing list archives
Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box!
From: Teo En Ming <teo.en.ming () gmail com>
Date: Tue, 8 Apr 2014 03:19:15 +0800
Dear list,

I downloaded this set of rules file: snortrules-snapshot-2960.tar.gz <http://www.snort.org/downloads/2874>.

Why are most of the Snort rules commented out? It's like 80% of all the Snort rules are commented out/disabled.

Question 1: Shall I un-comment the disabled rules???

Also, why are many of the rules files empty?

Question 2: Why are many of the rules files empty?

I installed Nessus 5.2.6 on my Windows 8.1 machine. I ran Nessus vulnerability scanner against my public IP and no alerts showed up on my Snort IDS at all!

Question 3: The Nessus vulnerability scanner reported numerous vulnerabilities. Why are there no alerts in my Snort IDS box at all?

I need a favor from you guys. To uncomment all the DISABLED Snort rules, which is probably thousands and thousands of lines, is a colossal task. I think I need to write a sed 's/original text/replacement text/g' Linux shell script to uncomment all the disabled Snort rules. But the problem is that my Linux shell scripting knowledge is a bit rusty and I would need to revise it. Hence I am wondering if any of you guys can write a bash script with sed and for loops to uncomment the disabled Snort rules???

Thanks in advance!!! Don't worry, I will vet through the submitted shell scripts.

I am looking forward to your replies.

Thank you very much.

Yours sincerely,
Teo En Ming
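Added example, not part of the original post and not code from the Snort project: a shell script for the task the message describes, stripping the leading "#" from commented-out rules while leaving ordinary comments untouched. It assumes single-line rules that carry a sid option; the sample sids and messages and the rules directory argument are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): enable commented-out Snort rules
# while leaving ordinary "#" comments alone.
ACTIONS='alert|log|pass|drop|reject|sdrop|activate|dynamic'
# A rule body: action keyword, then an option block containing a sid.
RULE="(${ACTIONS})[[:space:]].*\(.*sid:[[:space:]]*[0-9]+"
DISABLED_RE="^[[:space:]]*#[[:space:]]*(${RULE})"
ENABLED_RE="^[[:space:]]*${RULE}"

# grep -c exits 1 on zero matches; "|| true" keeps that from being an error.
count_disabled() { grep -Ec "$DISABLED_RE" "$1" || true; }
count_enabled()  { grep -Ec "$ENABLED_RE" "$1" || true; }

# Strip the leading "#" from disabled rules in file $1; original kept as $1.bak.
enable_rules() {
    cp -p "$1" "$1.bak" || return 1
    sed -E "s/${DISABLED_RE}/\1/" "$1.bak" > "$1"
}

# Constructed sample input (hypothetical sids and messages), written to $1.
write_sample() {
    cat > "$1" <<'EOF'
# Copyright notice: an ordinary comment line
#---------------
# alert users should read the docs (prose, not a rule)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"sample enabled"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"sample disabled"; sid:1000002; rev:1;)
#drop udp any any -> $HOME_NET 53 (msg:"sample disabled, no space"; sid:1000003; rev:1;)
EOF
}

# Usage: sh enable-rules.sh /path/to/rules-dir   (directory is an assumption)
if [ "$#" -gt 0 ]; then
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        before=$(count_disabled "$f")
        enable_rules "$f" || exit 1
        echo "$f: enabled $before rules, $(count_enabled "$f") now active"
    done
fi
```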
Current thread:
- Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Jeremy Hoel (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Bjoern Meier (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! James Lay (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! James Lay (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! James Lay (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 07)