Snort mailing list archives
pulledpork
From: James <snort () cyclohexane net>
Date: Tue, 28 Jun 2016 14:11:51 +0100
Hello all, I'm a bit stuck with setting up pulledpork for the first time, specifically disabling certain rules. I've read flowbits can cause this, but that's not present in the first one I've checked. My pulledpork.conf points to the correct location for disablesid.conf, which I've listed out a few like: 3:19187 # PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt When I re-run pulledpork.pl it says no rule changes are made and when I then restart Snort, I still see these rules firing. While I'm here trying to solve that I may as well ask another question: Can I also use disablesid.conf to disable things like certain http_inspect and/or stream5 events, which don't appear to exist in the snort.rules file pulledpork uses? Thanks for your wisdom. James
------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- pulledpork James (Jun 28)
- Re: pulledpork Shirkdog (Jun 28)