Snort mailing list archives

RE: Best Practices


From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Tue, 11 Mar 2003 13:23:29 -0500

I don't because all too often patches for MS Windows only do part of the job
and at some later date, yet-another-buffer overrun is discovered.  

Instead, I spend time daily looking at the Snort alerts and other system
logs to make sure that the attacks are remaining within a known pattern.  If
I see something weird, I dig further.  

HTH

-----Original Message-----
From: rellington () assesstech com [mailto:rellington () assesstech com]
Sent: Tuesday, March 11, 2003 12:31 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Best Practices


Hello,

I'm a new Snort user and have a newbie-type question.
Do most people comment out rules once they've received alerts and verified
that the machines in question have been patched?

Thanks,
Ray



