IDS mailing list archives
Snort as IDS
From: Jon Uriona <jurionamendi () yahoo es>
Date: Fri, 11 Jan 2008 11:33:50 +0100
Hi all, I need to know if I need to apply web detection rules (attacks, cgi, client, misc, php...) and preprocesor (http_inspect) to devices acting as web proxies. I am getting thousand of alerts due to those rules from my proxy clients and their external requests which I believe all of them are false. Am I right? And for web servers different than apache and IIS, do I have to apply http_inspect with any profile? I am trying to set up my http_inspect preprocessor. If I have a Squid proxy listening on ports 80 and 8080, do I need to configure a preprocessor http_inspect_server for it? And should I use apache profile? If I am using any other web server (neither IIS nor Apache), do I need to configure a preprocessor http_inspect_server for it? If so, which profile? And same question about application servers, like AOL for example. Do I need to configure http_inspect_server for it? Which profile? Thanx in advance, Jon ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
Current thread:
- Snort as IDS Jon Uriona (Jan 11)
- Re: Snort as IDS Sanjay R (Jan 16)
- Re: Snort as IDS Jon Uriona (Jan 16)
- Re: Snort as IDS Sanjay R (Jan 16)