[Snort-users] Snort Rules Tool

roman at ...438... roman at ...438...
Tue Nov 21 22:34:15 EST 2000


Jess,

I wrote the "snortrules" tool a while back.  Essentially you use nmap to
scan your network to identify which ports are open on the various hosts
that Snort will be watching.  In turn, snortrules uses this list to weed
out any rules that do not apply.  For example, if no web server running on
port 80 was found in the scan, any rules using this port will be removed.
It is a method to prevent obvious false positives.

Snortrules can be downloaded at:
http://www.andrew.cmu.edu/~rdanyliw/snort/

cheers,
Roman



jess at ...521...
Sent by: snort-users-admin at ...635...eforge.net
11/21/00 06:34 PM

To: snort-users at lists.sourceforge.net
cc:
Subject: [Snort-users] Snort Rules Tool



Hi!

A few weeks ago at SANS, I was commenting to Marty on the idea of
developing a tool which could automatically build 'ad hoc' rules for a
particular network (based on which ports are open for every particular
machine, the OS, ...), and he told me that there were already people
involved in a project like that. I think he told me it was called
"snort rules".

If anyone listening is actually involved in it, could you just please
drop me an e-mail?

Thanks!


      JESS

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users
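
The pruning step described in the reply above, as an added example that is not the snortrules tool's own code and not part of the original thread. It assumes the scan was saved in nmap's grepable (`-oG`) format; the function names, sample scan lines and sample rules are constructed for illustration. Rules whose destination port is `any`, negated, or a variable are kept rather than guessed at.

```python
import re

# Constructed sample: nmap grepable (-oG) output for two hosts.
NMAP_GREPABLE = """\
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///
Host: 192.168.1.11 ()\tPorts: 53/open/udp//domain///, 80/closed/tcp//http///
"""

# Constructed sample rules using the Snort rule-header layout.
RULES = """\
alert tcp any any -> $HOME_NET 80 (msg:"constructed web rule";)
alert tcp any any -> $HOME_NET 22 (msg:"constructed ssh rule";)
alert udp any any -> $HOME_NET 50:60 (msg:"constructed range rule";)
alert tcp any any -> $HOME_NET any (msg:"constructed any-port rule";)
alert tcp any any -> $HOME_NET !25 (msg:"constructed negated rule";)
# comment lines are passed through untouched
"""

# action proto src sport direction dst dport (
HEADER = re.compile(r"^\s*\w+\s+(\w+)\s+\S+\s+\S+\s+(?:->|<>)\s+\S+\s+(\S+)\s*\(")

def open_ports(grepable):
    """Return {(proto, port)} for every port nmap reported as open."""
    found = set()
    for line in grepable.splitlines():
        if "Ports:" not in line:
            continue
        for entry in line.split("Ports:", 1)[1].split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                found.add((fields[2], int(fields[0])))
    return found

def applies(proto, spec, ports):
    """True if the rule's destination-port spec can match an open port."""
    numeric = re.fullmatch(r"\d*:?\d*", spec) and spec != ":"
    if proto not in ("tcp", "udp") or not numeric:
        return True  # any, !negation, $variables, icmp/ip: keep, do not guess
    lo, _, hi = spec.partition(":")
    lo = int(lo) if lo else 0
    hi = int(hi) if hi else (65535 if ":" in spec else lo)
    return any(p == proto and lo <= n <= hi for p, n in ports)

def prune(rules, ports):
    """Drop rules whose destination port was not found open in the scan."""
    kept = []
    for line in rules.splitlines():
        m = HEADER.match(line)
        if m is None or applies(m.group(1), m.group(2), ports):
            kept.append(line)
    return kept
```

The pruned rule set is only as current as the scan it was built from, so a service started after the scan has no coverage until the scan and pruning are repeated.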