Snort mailing list archives

Re: snort 1.7 vs snort 1.8p1 less info.. why?

From: Brian Caswell <bmc () mitre org>
Date: Thu, 26 Jul 2001 14:35:05 -0400

alexus wrote:

when i was using snort 1.7

i used to get alot of info even when i start pinging host or when host
pinged me

i installed 1.8p1 and i dont get any of this info..

any ideas why?


Many of the rules are not enabled by default ON PURPOSE.

Information rules, Shell code (NOOP string match rules), Policy rules
(IRC and napster usage style rules),  icmp info (ping, traceroute type
rules), and virus rules are NOT enabled by default.

The rules are still distributed with snort, and for the most part,
still maintained.  

If you want to see these alerts just turn them on.  Just be forwarned
that you will suffer a performance hit.  You will see a huge increase
in the number of alerts generated.

-- 
Brian Caswell
The MITRE Corporation

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort 1.7 vs snort 1.8p1 less info.. why? alexus (Jul 25)
- MySQL DB creation error Jason Lewis (Jul 25)
  - RE: MySQL DB creation error Jason Lewis (Jul 25)
- Re: snort 1.7 vs snort 1.8p1 less info.. why? Brian Caswell (Jul 26)
  - Re: snort 1.7 vs snort 1.8p1 less info.. why? alexus (Jul 26)
    - Re: snort 1.7 vs snort 1.8p1 less info.. why? Patrick Hawley (Jul 26)
    - Re: snort 1.7 vs snort 1.8p1 less info.. why? alexus (Jul 26)
- <Possible follow-ups>
- Re: snort 1.7 vs snort 1.8p1 less info.. why? Dr SuSE (Jul 25)
  - RE: snort 1.7 vs snort 1.8p1 less info.. why? David Gullett (Jul 25)
    - Re: snort 1.7 vs snort 1.8p1 less info.. why? Jim Forster (Jul 25)
  - Re: snort 1.7 vs snort 1.8p1 less info.. why? alexus (Jul 26)