Snort mailing list archives
Re: how to acquire best setting of snort rules?
From: Joel Esler <jesler () sourcefire com>
Date: Sun, 17 Apr 2011 09:34:15 -0400
On Apr 16, 2011, at 9:34 AM, "M.Turner Turner" <msbzag () gmail com> wrote:
> How to acquire best setting of Snort rules? Can I change the action of all rules to reject, to achieve the best security?
You can, I don't think I'd recommend that. You'd reject legitimate traffic as well as harmful. I'd also recommend "drop" instead of reject.
> Can I enable all rules, to achieve the best security?
You can, but performance on the sensor would be hurt, and you'd have to deal with a very large alert rate. You should try a Snort install and give it a shot.
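The trade-off in the reply above, as an added example that is not part of the original thread or of Snort's own tooling: instead of rewriting every rule, only already-enabled rules whose SIDs have been individually vetted are switched from alert to drop, and disabled rules stay disabled. The function name, the vetted SID set and the sample rules are constructed for illustration.

```python
import re

# Optional "#" (disabled rule), then the rule action, then the rest of the rule.
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?P<action>alert|log|pass|drop|reject|sdrop)\s+(?P<rest>.+)$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')


def promote_to_drop(rules_text, vetted_sids):
    """Change alert -> drop only for enabled rules whose SID is in vetted_sids.

    Disabled (commented-out) rules stay disabled and every other rule keeps
    its action. Returns (new_text, list_of_changed_sids).
    """
    out, changed = [], []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        sid = SID_RE.search(line)
        if (m and sid and not m.group('off')
                and m.group('action') == 'alert'
                and int(sid.group(1)) in vetted_sids):
            out.append('drop ' + m.group('rest'))
            changed.append(int(sid.group(1)))
        else:
            out.append(line)  # comments, blanks and unvetted rules unchanged
    return '\n'.join(out) + '\n', changed


# Constructed sample rules (local SID range, not taken from any real rule set).
SAMPLE_RULES = '''\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE vetted web rule"; content:"/example-bad-path"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"EXAMPLE noisy mail rule"; content:"example"; sid:1000002; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE disabled dns rule"; content:"example"; sid:1000003; rev:1;)
'''

if __name__ == '__main__':
    # 1000003 is listed as vetted but is disabled, so it must not be touched.
    new_text, changed = promote_to_drop(SAMPLE_RULES, {1000001, 1000003})
    print(new_text, end='')
    print('promoted to drop:', changed)
```

The drop action only blocks traffic when Snort is running inline; on a passive sensor the rewritten rules cannot stop packets.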