Snort mailing list archives
Re: Snort Questions
From: Mike Shaw <mshaw () wwisp com>
Date: Thu, 20 Jun 2002 09:34:42 -0500
At 08:23 AM 6/20/2002 -0400, Sandy Martin wrote:
First, after looking through the rules, I noticed a wide variety of rules for a cross section of platforms. I understand that they were written that way on purpose. My question is, is it ok to go through and edit these rules to remove all of the *nix related stuff? Our network is composed of 20 nodes. All Windows 2000 with 1 Windows 2000 Server. The server is a DC but not a web/mail, etc. server. So, I was thinking that to improve performance and reduce false positives, I could go through and edit the rules leaving only the Win32 stuff in. Is this a good route to go?
I like to keep some of those non-applicable rules running, as they can give insight into what people are trying (really noisy scanners, etc).
-Mike