Snort mailing list archives

Re: Server lists defined in snort.conf


From: Colin Grady <colin.grady () gmail com>
Date: Tue, 13 Apr 2010 13:33:11 -0500

Alejandro,

The variables should remain in place, whether updated or not, so that
you can continue to use the rules that reference them. You never know
when someone may turn up a rogue telnet service on your network, and
the Snort rules can help you 1) identify that rogue system and 2)
identify someone actively attempting to exploit that system. As a
general rule, keep the variables defined in the provided snort.conf in
place, and add new ones as necessary to facilitate your own rule
writing efforts.

Good luck!

Colin


On Tue, Apr 13, 2010 at 8:54 AM, Joel Esler <joel.esler () me com> wrote:
If you don't have systems that run the telnet service, then you don't have
to do anything.

--
Joel Esler
Sent from my iPhone
On Apr 13, 2010, at 9:47 AM, Alejandro Cabrera Obed <aco1967 () gmail com>
wrote:

Joel, so why do I have to maintain the var TELNET_SERVERS line in snort.conf if
I do not have a telnet server in my network? Can you explain it to me, please?
Thanks again!

2010/4/13 Joel Esler <joel.esler () me com>


--
Joel Esler
Sent from my iPhone

On Apr 13, 2010, at 9:36 AM, Alejandro Cabrera Obed <aco1967 () gmail com>
wrote:

Dear, I see that snort.conf has defined the following server lists:

var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var FTP_SERVERS $HOME_NET
var SNMP_SERVERS $HOME_NET

Two short questions:

1) Should I comment out TELNET_SERVERS and SNMP_SERVERS if I do not have
these types of services in my network?

No.



2) Should I add a new server line if I have an LDAP server?

You can, but it's not necessary to do so unless you are going to write
rules to use that variable. But generally, no.



Special thanks

A:)

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--
Alejandro Cabrera Obed
aco1967 () gmail com
www.alejandrocabrera.com.ar



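Added example, not part of the original thread: a small check that shows why the stock server variables stay in snort.conf, by listing active rules whose header references a variable that is no longer defined, and which defined variables no rule uses. The configuration fragment, the addresses, the LDAP_SERVERS variable and the three rules with local sids are constructed for illustration.

```python
import re

# Constructed snort.conf fragment: TELNET_SERVERS has been commented out and
# a hypothetical LDAP_SERVERS variable added for a locally written rule.
SAMPLE_CONF = """\
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
# var TELNET_SERVERS $HOME_NET
var LDAP_SERVERS 192.168.1.10
"""
# Constructed rules; the last one is disabled and must be ignored.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $TELNET_SERVERS 23 (msg:"LOCAL telnet connection"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $LDAP_SERVERS 389 (msg:"LOCAL external ldap"; sid:1000002; rev:1;)
# alert udp $EXTERNAL_NET any -> $SNMP_SERVERS 161 (msg:"LOCAL snmp"; sid:1000003; rev:1;)
"""
VAR_DEF = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\w+)\s+(\S+)")
VAR_REF = re.compile(r"\$(\w+)")
SID = re.compile(r"\bsid\s*:\s*(\d+)")

def defined_vars(conf_text):
    """Map variable name -> value for every uncommented definition."""
    return {m.group(1): m.group(2)
            for m in map(VAR_DEF.match, conf_text.splitlines()) if m}

def active_rules(rules_text):
    """Yield (header, full_line) for each rule that is not commented out."""
    for line in map(str.strip, rules_text.splitlines()):
        if line and not line.startswith("#"):
            yield line.split("(", 1)[0], line  # header ends at the options

def undefined_refs(conf_text, rules_text):
    """Return {sid: [variables the rule header uses but the conf lacks]}."""
    known, problems = set(defined_vars(conf_text)), {}
    for header, line in active_rules(rules_text):
        missing = sorted(set(VAR_REF.findall(header)) - known)
        if missing:
            sid = SID.search(line)
            problems[sid.group(1) if sid else "?"] = missing
    return problems

def unused_vars(conf_text, rules_text):
    """Defined variables that no active rule or other variable refers to."""
    defs = defined_vars(conf_text)
    used = {v for value in defs.values() for v in VAR_REF.findall(value)}
    for header, _ in active_rules(rules_text):
        used |= set(VAR_REF.findall(header))
    return sorted(set(defs) - used)

if __name__ == "__main__":
    print("undefined:", undefined_refs(SAMPLE_CONF, SAMPLE_RULES))
    print("unused:   ", unused_vars(SAMPLE_CONF, SAMPLE_RULES))
```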

