Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: TMG Firewall Client long host entry exploit attempt

From: Patrick Mullen <pmullen () sourcefire com>
Date: Tue, 4 Mar 2014 15:27:40 -0500
Carlos,

Are you using Pulled Pork to manage your enabled rules, or are you doing it
manually?  I believe I understand what is going on regarding which rules
you have enabled.  By default, when the shared object rule stubs are put
into the rules files, they are not commented out according to policy.  So
when you include those stubs, the rule is enabled.  Pulled Pork should fix
this by commenting out rules that are not in the policy you choose.


Thanks,

~Patrick
-- 
Patrick Mullen
Response Research Manager
Sourcefire VRT

------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works. 
Faster operations. Version large binaries.  Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: