Snort mailing list archives
Re: pulledpork
From: Shirkdog <shirkdog () gmail com>
Date: Tue, 28 Jun 2016 09:20:12 -0400
Check out the latest code (marked 0.7.2-ALPHA) as there have been updates to support signatures with gid != 1. If it does not work, post an issue on GitHub.

For your second question, I normally disable those through threshold.conf, and that is something pulledpork does not do, but it would be potentially an enhancement to include.

---
Michael Shirk

On Tue, Jun 28, 2016 at 9:11 AM, James <snort () cyclohexane net> wrote:
Hello all,

I'm a bit stuck with setting up pulledpork for the first time, specifically disabling certain rules. I've read flowbits can cause this, but that's not present in the first one I've checked.

My pulledpork.conf points to the correct location for disablesid.conf, which I've listed out a few like:

3:19187 # PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt

When I re-run pulledpork.pl it says no rule changes are made and when I then restart Snort, I still see these rules firing.

While I'm here trying to solve that I may as well ask another question: Can I also use disablesid.conf to disable things like certain http_inspect and/or stream5 events, which don't appear to exist in the snort.rules file pulledpork uses?

Thanks for your wisdom.

James

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
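To confirm the symptom described in the thread (gid:sid entries in disablesid.conf that are still active after a pulledpork run), the two files can be compared directly. The following Python is an added example, not part of either message or of pulledpork itself; the file contents are constructed samples, and it assumes a disabled rule is written commented out with a leading "#" and that a rule without a gid option belongs to gid 1.

```python
import re

# Constructed sample inputs (not taken from the poster's system).
DISABLESID = """\
3:19187 # PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt
1:2000001,1:2000002
119:2
"""
RULES = """\
alert udp any 53 -> any any (msg:"constructed SO stub"; gid:3; sid:19187; rev:7;)
# alert tcp any any -> any 80 (msg:"constructed rule A"; sid:2000001; rev:1;)
alert tcp any any -> any 80 (msg:"constructed rule B"; sid:2000002; rev:1;)
"""

# A rule line, optionally commented out (group 1 holds the leading "#").
RULE_RE = re.compile(r"^(#\s*)?(?:alert|drop|log|pass|reject|sdrop)\b.*\(.*\)\s*$")

def parse_disablesid(text):
    """Collect plain gid:sid entries; pcre: and range entries are not handled."""
    wanted = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0]          # drop the trailing comment
        for m in re.finditer(r"\b(\d+):(\d+)\b", entry):
            wanted.add((int(m.group(1)), int(m.group(2))))
    return wanted

def parse_rules(text):
    """Map (gid, sid) -> True if the rule is enabled, False if commented out."""
    state = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        sid = re.search(r"\bsid:\s*(\d+)\s*;", line)
        if not m or not sid:
            continue
        gid = re.search(r"\bgid:\s*(\d+)\s*;", line)
        key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))
        state[key] = m.group(1) is None
    return state

def audit(disablesid_text, rules_text):
    """Report, per requested gid:sid, what the generated rules file says."""
    state = parse_rules(rules_text)
    report = {}
    for key in sorted(parse_disablesid(disablesid_text)):
        if key not in state:
            report[key] = "not in rules file"
        else:
            report[key] = "still enabled" if state[key] else "disabled"
    return report

if __name__ == "__main__":
    for (gid, sid), status in audit(DISABLESID, RULES).items():
        print(f"{gid}:{sid}\t{status}")
```

An entry reported as "not in rules file", like the constructed gid 119 one here, is the preprocessor-event case from the second question, which the reply handles through threshold.conf rather than disablesid.conf.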