Snort mailing list archives

Re: how to disable an so_rule

From: "Lawrence R. Hughes, Sr." <lhughes () safemedia com>
Date: Fri, 30 Sep 2011 17:13:58 -0400

Hi,

Thanks, but we don't want to use pulled pork, so if we remove the line within the dos.rules (stub file) and restart 
snort, will that remove it?

Thanks,
Larry

  ----- Original Message ----- 
  From: Kevin Ross 
  To: Lawrence R. Hughes, Sr. ; snort-users () lists sourceforge net 
  Sent: Friday, September 30, 2011 5:10 PM
  Subject: Re: [Snort-users] how to disable an so_rule


  Use pulled pork to manage your rules. define SO rules as 3:THESID to disable in the disable.conf file.


  On 29 September 2011 21:38, Lawrence R. Hughes, Sr. <lhughes () safemedia com> wrote:

    Hi,
    We are trying to disable sid:17750 a rule in the /so_rules/dos.rules   hashing it does not work, so how do you 
these stub generated rules?

    Thanks,
    Larry


    ------------------------------------------------------------------------------
    All the data continuously generated in your IT infrastructure contains a
    definitive record of customers, application performance, security
    threats, fraudulent activity and more. Splunk takes this data and makes
    sense of it. Business sense. IT sense. Common sense.
    http://p.sf.net/sfu/splunk-d2dcopy1
    _______________________________________________
    Snort-users mailing list
    Snort-users () lists sourceforge net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users

    Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2dcopy2

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

how to disable an so_rule Lawrence R. Hughes, Sr. (Sep 29)
- Re: how to disable an so_rule rmkml (Sep 29)
- Re: how to disable an so_rule Kevin Ross (Sep 30)
  - Re: how to disable an so_rule Lawrence R. Hughes, Sr. (Sep 30)