Re: snort DOS rules & DDOS rules

[Joel Esler <jesler () sourcefire com>]

All rules should be used only in an applicable environment. Does it make sense in your environment to use those rules? 
Then by all means, turn them on. 

If you use pulledpork to update the rules, you can use the -I command line tag in order to use one of the base policies 
that Sourcefire creates for your environment. 


Sent from my iPhone

On Jul 7, 2010, at 9:38 AM, "Lawrence R. Hughes, Sr." <lhughes () safemedia com> wrote:

> Hi,
>  
> I have noticed when downloading updated rules, that DDOS & DOS rules are all disabled.
> Have the above been replaced by so_dos rules?
>  
> Is there any harm enabling the DDOS & DOS rules?
>  
> Thanks,
> Larry
>  
>  
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users