[Snort-sigs] newbie post
bryan.irvine at ...1441...
Mon Apr 7 16:51:06 EDT 2003
I've just started getting interested in snort.
I've been looking around at the ruleset, and it looks rather similar to
OpenBSD's PF. I've read the documentation (I printed it out and have
it right here). It seems snort has a lot of options, which is a bit
overwhelming for a newbie. I'm wondering what would be the best way to
build my config file.
I'd like to have snort scan for viruses, known Windows exploits, but I
don't want to see a zillion false positives. I tried running it with
the default config file, and it started generating a lot of logs on
things I didn't really care about. We have a funky routing thing here
that we can't get rid of, so I was always seeing things like "next-hop".
Are there any sample files around that I can read from?