[Snort-sigs] shellcode.rules

Brian bmc at ...95...
Mon Sep 10 17:32:02 EDT 2001


According to Erek Adams:
> Ok, I'm missing something here....
> 
> Since I don't recall it, I'm sure there is a damned fine reason for it, but
> why are shellcode.rules commented out by default for the 1.8.1-RELEASE
> version?
> 
> Yes, I know--Tune the rules.  :)  That's always being done...  This just
> surprised me when I noticed they were commented out...
> 
> Comments, Notes and Clues all happily accepted!

Many people are running snort on a low-end machine that does other 
things than snort.

These rules do text matching on almost every packet.  That's going to
kill performance.  If you don't mind the performance hit, then turn 
them on.

-brian



