Snort mailing list archives

Re: Eliminating rulesets

From: Phil Wood <cpw () lanl gov>
Date: Sat, 9 Feb 2002 16:08:55 -0700

On Sat, Feb 09, 2002 at 01:42:42PM -0500, Jeff Elkins wrote:

I'm not trying to promote alcohol usage, but I have a newbie question:

I'm evaluating Snort on a Linux DSL/firewall box that also serves as a mail 
server and webserver (Sendmail/Apache).  The boxen inside the firewall are 
all Linux as well. I've commented out the Microsoft-specific rulesets 
(IIS,Frontpage and Cold Fusion). Other than statistics gathering, is there 
any reason I'd want them applied?


You might want to invert them.


I was getting a _bunch_ of IIS alerts before I turned them off, btw.

Thanks,

Jeff Elkins





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Eliminating rulesets Jeff Elkins (Feb 09)
- Sid ? Warrick FitzGerald (Feb 09)
  - Re: Sid ? Ryan Russell (Feb 09)
    - Re: Sid ? Warrick FitzGerald (Feb 09)
    - Re: Sid ? Warrick FitzGerald (Feb 09)
    - Re: Sid ? Tony Scalzitti (Feb 09)
- Re: Eliminating rulesets Phil Wood (Feb 09)
  - Re: Eliminating rulesets Jeff Elkins (Feb 09)
    - Re: Eliminating rulesets Phil Wood (Feb 09)
    - Re: Eliminating rulesets Jeff Elkins (Feb 09)