Snort mailing list archives
Re: Server lists defrined in snort.conf
From: Colin Grady <colin.grady () gmail com>
Date: Tue, 13 Apr 2010 13:33:11 -0500
Alejandro, The variables should remain in place, whether updated or not, so that you can continue to use the rules that reference them. You never know when someone may turn up a rogue telnet service on your network, and the Snort rules can help you 1) identify that rogue system and 2) identify someone actively attempting to exploit that system. As a general rule, keep the variables defined in the provided snort.conf in place, and add new ones as necessary to facilitate your own rule writing efforts. Good luck! Colin On Tue, Apr 13, 2010 at 8:54 AM, Joel Esler <joel.esler () me com> wrote:
If you don't have systems that run the telnet service, then you don't have to do anything. -- Joel Esler Sent from my iPhone On Apr 13, 2010, at 9:47 AM, Alejandro Cabrera Obed <aco1967 () gmail com> wrote: Joel, so what do I have to maintain var TELNET_SERVERS line in snort.conf if I have not a telnet server in my network ??? can you explain to me please ??? Thanks again !!! 2010/4/13 Joel Esler <joel.esler () me com>-- Joel Esler Sent from my iPhone On Apr 13, 2010, at 9:36 AM, Alejandro Cabrera Obed <aco1967 () gmail com> wrote:Dear, I see that snort.conf has defined the following server lists: var DNS_SERVERS $HOME_NET var SMTP_SERVERS $HOME_NET var HTTP_SERVERS $HOME_NET var SQL_SERVERS $HOME_NET var TELNET_SERVERS $HOME_NET var FTP_SERVERS $HOME_NET var SNMP_SERVERS $HOME_NET Two short questions: 1) Should I have to comment TELNET_SERVERS and SNMP_SERVERS if I have not these type of services in my network ???No.2) Should I have to add a new server line if I have a LDAP server ???You can, but it's not necessary to do so unless you are going to write rules to use that variable. But generally, no.Special thanks A:) ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Alejandro Cabrera Obed aco1967 () gmail com www.alejandrocabrera.com.ar ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Server lists defrined in snort.conf Alejandro Cabrera Obed (Apr 13)
- Re: Server lists defrined in snort.conf Joel Esler (Apr 13)
- Re: Server lists defrined in snort.conf Alejandro Cabrera Obed (Apr 13)
- Re: Server lists defrined in snort.conf Joel Esler (Apr 13)
- Re: Server lists defrined in snort.conf Colin Grady (Apr 13)
- Re: Server lists defrined in snort.conf Alejandro Cabrera Obed (Apr 13)
- Re: Server lists defrined in snort.conf Joel Esler (Apr 13)