[Snort-users] FAQ...

jess at ...521... jess at ...521...
Fri Nov 17 09:18:53 EST 2000


> 1. do you know a document, witch is going to help me to interpret all
> these messages? what is harmless and witch messages not. 

	The best source of info is probably the ArachNIDS Database:

		http://www.whitehats.com

	If you use the rulesets you can download at http://www.snort.org
or the vision.conf rules at Whitehats, most of the alerts have an IDS
signature. You can use that signature to query the database. It is very
self-explanative. It points out what is dangerous and what is not, and
suggests many false positives you may find in your daily traffic.

	Cheers,
								JESS




More information about the Snort-users mailing list