[Snort-users] Humour- Things not to do with your IDS
alambert at ...387...
Tue Nov 14 08:41:17 EST 2000
or my (so far) worst fubar...
alert yada yada (msg: "I detected Blah"; content: "Blah";)
While output to syslog is on, and syslog is also logging to a
remote host for redundancy... (snort picks up every syslog packet going
out, and generates an alert, which sends another syslog packet, etc.)
I was not proud of myself that day. :)
> could be worse, you could have had a rule like:
> log tcp any any <> $HOME_NET any (session: all;)
> ----- Original Message -----
> From: "andy lowton" <andy at ...586...>
> To: <snort-users at lists.sourceforge.net>
> Sent: Monday, November 13, 2000 3:21 PM
> Subject: [Snort-users] Humour- Things not to do with your IDS
> > Never temporarily let someone through your firewall to pull a huge file by
> > putting in a temporary snort rule to detect their IP, ..............and
> > then forgetting to take out the rule before they pull the file.
> > All together now.......DOH!
> > l8z
> > andy