Snort mailing list archives
Re: Eliminating rulesets
From: Phil Wood <cpw () lanl gov>
Date: Sat, 9 Feb 2002 16:08:55 -0700
On Sat, Feb 09, 2002 at 01:42:42PM -0500, Jeff Elkins wrote:
I'm not trying to promote alcohol usage, but I have a newbie question: I'm evaluating Snort on a Linux DSL/firewall box that also serves as a mail server and webserver (Sendmail/Apache). The boxen inside the firewall are all Linux as well. I've commented out the Microsoft-specific rulesets (IIS,Frontpage and Cold Fusion). Other than statistics gathering, is there any reason I'd want them applied?
You might want to invert them.
I was getting a _bunch_ of IIS alerts before I turned them off, btw. Thanks, Jeff Elkins _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Eliminating rulesets Jeff Elkins (Feb 09)
- Re: Eliminating rulesets Jeff Elkins (Feb 09)
- Re: Eliminating rulesets Phil Wood (Feb 09)
- Re: Eliminating rulesets Jeff Elkins (Feb 09)