[Snort-users] One more Ruleset

Jim Forster jforster at ...176...
Wed Oct 11 12:28:19 EDT 2000


I'm posting the 10102kany.rules file as I write...  Although it takes longer
to 'tweak' out the bad rules, in some cases it's quicker to add pass rules
than it is to alter the current set.  :)
I usually let it run as-is for half an hour, then stop Snort and see what
kind of babble there is in the logs.  Add a few pass rules, and that usually
gets rid of 95% of them right off the bat.  <The 'Any' set includes all BETA
rules in the head current to 10/10/2k>

Jim Forster
Network Administrator
RapidNet / DakotaConnect
http://www.snort.org




