Re: Whats Rules should i use

[Matt Kettler <mkettler () evi-inc com>]

The default rule set is by far the most complete and well maintained rule 
set available. At one point there was an alternate rule set from whitehats, 
but due to the author being in jail at this time, those rules and the site 
that hosted them are unmaintained or minimally maintained.

The default ruleset is pretty diverse, covers a wide range of problems, and 
is relatively low false rate given that it is of a "generic" nature. (yes 
this is a pretty high false rate in many cases, but no generic ruleset can 
be both accurate and low false for all networks without manual adjustment.)

That said, no ruleset is going to be a perfect fit for your needs. The 
default ruleset is a good starting point, but you will likely find changes, 
removals and additions you will want to make as you go along.



At 03:42 AM 2/8/2002 +1100, Kenny D wrote:
> Hi,
>
> I am new to snort and have successfully set it up with
> IDScenter, so far so good. However i have one
> question, is all the rules in the standard install
> adequate or is there something else i should be
> looking out for. Would the standard rules (excluding
> those hashed out) fit most peoples needs.
>
> Thanks,
>
>
> =====
>
>
> http://greetings.yahoo.com.au - Yahoo! Greetings
> - Send your Valentines love online.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users