Snort mailing list archives
rules for Snort Inline
From: Risto Vaarandi <risto.vaarandi () seb ee>
Date: Mon, 04 Sep 2006 15:07:31 +0300
hi all,

I have had Snort running in IDS mode for some time, and would now like to deploy it in Inline mode for actually dropping malicious traffic. However, the Snort rules available at http://www.snort.org/rules/ have been configured to produce alerts only, and the user has to test each rule whether the 'drop', 'reject' or other such action would be suitable for his/her environment.

Since testing rules one by one involves a lot of time, I started to look for rule collections designed specifically for Snort Inline, and located the rulesets at BleedingSnort (http://www.bleedingsnort.com/rules/).

My question is - are there any similar projects around for creating rules for Snort Inline? I understand that for some rules it is difficult to verify that they don't block anything legitimate, yet there could be rules which almost never produce false positives. If someone has created a collection of such rules, I'd be thankful for the pointers.

br,
risto