Snort mailing list archives
Re: Snort in a Home Network
From: Stephen Gantz <stephen.gantz () faculty umuc edu>
Date: Wed, 29 Jul 2015 12:54:07 -0400
It's certainly reasonable to disable preprocessors (and rulesets) that don't apply to your environment, but don't assume that preprocessors apply only to services and protocols that you run in your home network. Snort preprocessors such as the ones you describe also monitor traffic from your client computers to external servers. For example, HTTP_Inspect analyzes network traffic sent and received when you browse a website. To your question about disabling preprocessors, yes, you just need to comment them out. Make sure you comment out every line for each preprocessor you want disabled, not just the first lines with the preprocessor declarations. -----Original Message----- From: Xander [mailto:reg.regedit () gmail com] Sent: Wednesday, July 29, 2015 11:55 AM To: snort-users@lists sourceforge. net Subject: [Snort-users] Snort in a Home Network Hello everyone, I have a simple question regarding Snort. If I want to use it in my private home network (which consists of a couple of laptops and smartphones) is it reasonable to disable some preprocessors (and the rules related to them)? Here is what I mean: since I do not have any kind of server, just a couple of laptops and smartphones, can I just disable their dedicated preprocessors (e.g. ftp preprocessor, sip preprocessor, smtp preprocessor, http preprocessor and so on)?
From my understanding of Snort, the preprocessors and the IPVARs (e.g.
$HTTP_SERVERS, $SSH_SERVERS, $TELNET_SERVERS....) that you set in the snort.conf are aimed to analyze the traffic directed to your servers in your network. But, as I said, I don't have any, hence my question about turning the preprocessors off. Also, to disable them, do I just have to comment them out in the snort.conf? Thank you very much for your help. -------------------------------------------------------------------------- ---- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort in a Home Network Xander (Jul 29)
- Re: Snort in a Home Network Stephen Gantz (Jul 29)
- Re: Snort in a Home Network Xander (Jul 29)
- Re: Snort in a Home Network Stephen Gantz (Jul 29)