Snort mailing list archives
RE: Best Practices
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Tue, 11 Mar 2003 13:23:29 -0500
I don't because all too often patches for MS Windows only do part of the job and at some later date, yet-another-buffer overrun is discovered. Instead, I spend time daily looking at the Snort alerts and other system logs to make sure that the attacks are remaining within a known pattern. If I see something weird, I dig further.

HTH

-----Original Message-----
From: rellington () assesstech com [mailto:rellington () assesstech com]
Sent: Tuesday, March 11, 2003 12:31 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Best Practices

Hello,

I'm a new Snort user and have a newbie type question. Do most people comment out rules once they've received alerts and verified that the machines in question have been patched?

Thanks,
Ray