Snort mailing list archives

Disable all rules for a platform?


From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Wed, 27 Jun 2001 13:17:49 -0400

Hello,

I wanted to get everyone's opinion on this. Does anyone recommend shutting
off all rules for a certain platform if they don't have that platform in
their environment? For example, if I have an all-Unix environment, does
anyone out there disable all Microsoft-related rules? I mean if a hacker
can't detect what OS I'm running on my web servers and throw attacks at it
that are for another platform, then they aren't very good hackers anyway and
really aren't much of a threat. I figure that Snort needs every cycle it can
get so why not get rid of all rules applying to platforms I don't have?

The second question is, if I did want to disable checks for a platform, it
doesn't appear to be an easy task... it looks like all rules are mixed
together throughout the rules files.

Any feedback would be appreciated!


Thanks,

Paul 
