Snort mailing list archives

Re: How to tune two rules?


From: Joel Esler <jesler () sourcefire com>
Date: Thu, 8 Aug 2013 13:01:53 -0400

On Thu, Aug 08, 2013 at 01:31:02PM +0000, Turnbough, Bradley E. wrote:
Guys,

I'm pretty new at using Snort, and I'm trying to tune two rules.

Can someone please tell me how to tune these two rules?

gen_id 124, sig_id 7  -- smtp: Attempted header name buffer overflow

gen_id 124, sig_id 1  -- smtp: Attempted command buffer overflow



I'd probably put in suppression statements for these initially.  Look
into your threshold.conf for those.
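
A sketch of what such suppression entries could look like in threshold.conf, for the two GID 124 (SMTP preprocessor) events named in the question. This is an added example, not part of the original message; the IP addresses are constructed placeholders from the 192.0.2.0/24 documentation range, and the event_filter alternative goes beyond the reply's suggestion while staying in the same file.

```conf
# threshold.conf (Snort 2.x; pulled in from snort.conf via "include threshold.conf")
# All addresses are constructed placeholders; substitute your own mail hosts.
# Use ONE option per signature; the alternatives are left commented out.

# Option 1: suppress the events everywhere.
# Quickest way to quiet the sensor, but the preprocessor alert is lost for
# every host, including ones that should never see oversized SMTP lines.
# suppress gen_id 124, sig_id 7
# suppress gen_id 124, sig_id 1

# Option 2: suppress only for the hosts known to generate the noise.
# Here: traffic destined to the internal mail relay (assumed 192.0.2.25).
# Alerts for any other destination still fire.
suppress gen_id 124, sig_id 7, track by_dst, ip 192.0.2.25
suppress gen_id 124, sig_id 1, track by_dst, ip 192.0.2.25

# A CIDR block works as well, e.g. a trusted sending subnet:
# suppress gen_id 124, sig_id 1, track by_src, ip 192.0.2.0/24

# Option 3: keep the event but rate-limit it instead of silencing it.
# One alert per source per 60 seconds preserves visibility for triage.
# event_filter gen_id 124, sig_id 7, type limit, track by_src, count 1, seconds 60
# event_filter gen_id 124, sig_id 1, type limit, track by_src, count 1, seconds 60
```

Snort reads threshold.conf only at startup or reload, so restart or reload the sensor after editing and confirm in the alert log that the events have stopped for the scoped hosts only.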
