Snort mailing list archives

RE: 3 questions on rules


From: Erek Adams <erek () snort org>
Date: Thu, 15 May 2003 16:03:34 -0400 (EDT)

On Thu, 15 May 2003, Garrett.Allen () ser com wrote:

> thanks for your quick and insightful reply.

No problem.

> an add on question, if i may. regarding the "p2p gnutella get", isn't
> gnutella a file share community? so this would be a potential means
> of information sharing that may or may not be permissible, based on
> corporate security policies.  hence the attack rule?

Right.  The policy.rules file has quite a few rules that _might_ be
against corporate policy.  You have to look at them and decide what you
want.  If you'll check the archives [0], you'll come across quite a few
messages that discuss p2p systems and their abuse.  IIRC, one person
mentioned they were able to reduce current bandwidth usage by about 60% in
a college dorm situation.

Hope that helps!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2

