Snort mailing list archives

Re: Disable by name in pulled pork


From: Y M <snort () outlook com>
Date: Thu, 19 Jun 2014 18:58:38 +0000



From: fivetenets () me com
Date: Thu, 19 Jun 2014 14:47:28 -0400
To: snort-users () lists sourceforge net
Subject: [Snort-users] Disable by name in pulled pork

I saw this on a forum page. Is this possible to do in pulled pork?

I want to disable some rules but don't know exactly how or the sid ID. I like this way if it works. 

I just don't know where or how these disable rules were entered.

Thanks!

OK. Deleted the entries on...
Applications > IDS Rules > Disabled Downloaded Rules
# Disable "stream5: TCP Small Segment Threshold Exceeded"
# Disable "ssh: Protocol mismatch"
# Disable "http_inspect: LONG HEADER"
# Disable "sensitive_data: sensitive data global threshold exceeded"
# Disable "stream5: Reset outside window"
# Disable "http_inspect: MESSAGE WITH INVALID CONTENT-LENGTH OR CHUNK SIZE"

Nick

These seem like comments/documentation to me, especially with the first line saying "Applications > IDS.....". I think 
you may be able to achieve the same with pcre? Haven't done it before though.
YM
------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
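
An added example, not part of either poster's message and not PulledPork code: the names in the quoted forum excerpt are preprocessor event names, and one way to turn such names into `GID:SID` entries for PulledPork's disablesid.conf is to look them up in Snort's gen-msg.map (`gid || sid || message`). The map lines below are a constructed sample whose IDs must be checked against the gen-msg.map of the installed Snort; `parse_map` and `resolve` are hypothetical helper names.

```python
import re

# Constructed sample in gen-msg.map format (gid || sid || message); verify IDs locally.
SAMPLE_GEN_MSG_MAP = """\
119 || 19 || http_inspect: LONG HEADER
120 || 8 || http_inspect: MESSAGE WITH INVALID CONTENT-LENGTH OR CHUNK SIZE
128 || 4 || ssh: Protocol mismatch
129 || 12 || stream5: TCP Small Segment Threshold Exceeded
129 || 15 || stream5: Reset outside window
139 || 1 || sensitive_data: sensitive data global threshold exceeded
"""

# Three names from the forum excerpt, plus one constructed miss.
WANTED = [
    "stream5: TCP Small Segment Threshold Exceeded",
    "ssh: Protocol mismatch",
    "http_inspect: LONG HEADER",
    "no such event",
]

def _norm(msg):
    """Case-fold and collapse whitespace so formatting differences still match."""
    return re.sub(r"\s+", " ", msg).strip().casefold()

def parse_map(text):
    """Return {normalized message: [(gid, sid), ...]} from gen-msg.map text."""
    index = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("||", 2)]
        if line.lstrip().startswith("#") or len(parts) != 3:
            continue  # comment, blank or malformed line
        gid, sid, msg = parts
        if gid.isdigit() and sid.isdigit():
            index.setdefault(_norm(msg), []).append((int(gid), int(sid)))
    return index

def resolve(names, map_text):
    """Return (disablesid.conf lines, names with no match in the map)."""
    index = parse_map(map_text)
    lines, missing = [], []
    for name in names:
        hits = index.get(_norm(name), [])
        lines += [f"{gid}:{sid} # {name}" for gid, sid in hits]
        if not hits:
            missing.append(name)
    return lines, missing

if __name__ == "__main__":
    conf, missing = resolve(WANTED, SAMPLE_GEN_MSG_MAP)
    print("\n".join(conf + [f"# not found in map: {n}" for n in missing]))
```

Names that come back as not found are reported rather than silently dropped, so a typo in a name does not leave a rule enabled without notice.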
                                          
