[Snort-sigs] Rule set for specific service...!!

kamesh_rajaram at ...273... kamesh_rajaram at ...273...
Tue Jan 29 02:36:07 EST 2002


Snort & Demarc :
==============
They monitor a web server & a database server. What kind of rules should be used to make it work effectively, by not giving unwanted/irrelevant alerts. The standard rule set has all kinds of alerts. I want it to be only for the above mentioned services. For example: TFTP rules need not bother my NIDS. It will be waste of time and a overhead for my monitor. I just need an optimized rule set for my purpose. Is there anything available like that...?? Tell me a normal/standard solution, if any, to this. Or how do i do it..??

Bye,
Kamesh.
-------------------------------------------------
This mail helped a tree grow. Know more at http://green.sify.com

Take the shortest route to success! 
Click here to know how http://education.sify.com





More information about the Snort-sigs mailing list