Snort mailing list archives

pulledpork


From: James <snort () cyclohexane net>
Date: Tue, 28 Jun 2016 14:11:51 +0100

Hello all,

I'm a bit stuck with setting up pulledpork for the first time, specifically
disabling certain rules. I've read flowbits can cause this, but that's not
present in the first one I've checked. My pulledpork.conf points to the
correct location for disablesid.conf, in which I've listed a few entries like:

3:19187 # PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt

When I re-run pulledpork.pl it says no rule changes are made and when I
then restart Snort, I still see these rules firing.

While I'm here trying to solve that I may as well ask another question: Can
I also use disablesid.conf to disable things like certain http_inspect
and/or stream5 events, which don't appear to exist in the snort.rules file
pulledpork uses?

Thanks for your wisdom.

James