PaulDotCom mailing list archives
[SNORT] Best rule categories to enable/disable
From: william.metcalf at gmail.com (Will Metcalf)
Date: Wed, 30 Sep 2009 08:19:23 -0500
If you are running in passive mode this should not happen. If you are running inline then you should run with alert only rules until you can weed out false positives and then convert to drop rules one rule file at a time, or for certain types of events that you know you should never see in your environment.

Regards,

Will

On Wed, Sep 30, 2009 at 2:18 AM, Thomas Fischer <tvfischer at gmail.com> wrote:
> So outside of enabling everything, which I can't seem to do as it is seriously impairing my network access by slow load times, pictures not showing up, IM disconnections, gaming issues. Which package rules would you enable or disable to have a safe but optimized snort-ids probe?
>
> Cheers
> --
> Thomas Fischer
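
An added example (not part of the original messages) of the per-file alert-to-drop conversion described in the reply above: it rewrites the action of each active rule in one rule file and leaves alone any SID still listed as under false-positive review. The function name, SIDs and sample rules are constructed for illustration, and it assumes one rule per line.

```python
import re

# Action keyword at the start of an active (uncommented) rule line.
ALERT_ACTION = re.compile(r"^(\s*)alert(\s+)")
SID_OPTION = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def promote_to_drop(rules_text, keep_alert_sids=()):
    """Rewrite 'alert' to 'drop' for every active rule in one rule file,
    except SIDs still under false-positive review.

    Returns (new_text, promoted_sids, kept_sids).
    """
    keep = {int(s) for s in keep_alert_sids}
    out, promoted, kept = [], [], []
    for line in rules_text.splitlines():
        action = ALERT_ACTION.match(line)
        sid = SID_OPTION.search(line)
        if not action or not sid:
            # Comments, blank lines, disabled rules and non-alert actions
            # pass through unchanged.
            out.append(line)
            continue
        sid_value = int(sid.group(1))
        if sid_value in keep:
            kept.append(sid_value)
            out.append(line)
        else:
            promoted.append(sid_value)
            out.append(ALERT_ACTION.sub(r"\g<1>drop\g<2>", line, count=1))
    return "\n".join(out) + "\n", promoted, kept


# Constructed sample rule file (SIDs, messages and content are made up).
SAMPLE_RULES = "\n".join([
    "# constructed sample rule file",
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE rule A"; content:"example-a"; sid:1000001; rev:1;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE noisy rule B"; content:"example-b"; sid:1000002; rev:1;)',
    '# alert udp any any -> any 53 (msg:"EXAMPLE disabled rule C"; sid:1000003; rev:1;)',
])

if __name__ == "__main__":
    new_text, promoted, kept = promote_to_drop(SAMPLE_RULES, keep_alert_sids=[1000002])
    print(new_text, end="")
    print("promoted to drop:", promoted, "| kept as alert:", kept)
```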