[Snort-sigs] What are the most important rules?

Robert Wagner rwagner at ...447...
Thu Aug 1 12:42:15 EDT 2002


That would depend on your OS and Application and Patch levels.  If you don't
have any IIS servers, then ditch the Code Red Attacks...,  Dump the subnet
scans to DShield,=> focus on single, pinpointed attacks.

-----Original Message-----
From: bfledderjohn at ...722...
[mailto:bfledderjohn at ...722...]
Sent: Thursday, August 01, 2002 1:16 PM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] What are the most important rules?


Out of all the rules that are available, what rules and alerts would you
pay extreme close attention to?  I have tons of false alerts and am
spending so much time determining priorities of alerts that are popping up.



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs




More information about the Snort-sigs mailing list