[Snort-users] Snort rules questions

Sloan Miller sloanm at ...468...
Wed Oct 3 09:51:05 EDT 2001


It was late last night when I responded and I forgot to say that I am
running IPChains and I was when my little box was running fine for about 12
hours.  I am also running PortSentry.

The number of rules is

Using LOCAL time
923 Snort rules read...
923 Option Chains linked into 135 Chain Headers

I don't know where I got the idea that there were 100 or so maybe from the
chain headers.

Thanks for your help
Sloan



----- Original Message -----
From: "Erek Adams" <erek at ...577...>
To: "Sloan Miller" <sloanm at ...468...>
Cc: "John Sage" <jsage at ...2022...>; "Snort-Userst at ...1973... Sourceforge.
Net" <snort-users at lists.sourceforge.net>
Sent: Wednesday, October 03, 2001 7:10 AM
Subject: Re: [Snort-users] Snort rules questions


> On Tue, 2 Oct 2001, Sloan Miller wrote:
>
> > Sorry about that I should have mentioned that I am running snort on a
DSL
> > connection.  This is my home network.  Not a great deal of traffic.  The
box
> > is not running X,  it was running apache but I disabled it to free up
more
> > RAM to see if there was an effect.  I am running the full set of snort
rules
> > from snort.org  If I remember correctly it is over 100 about 108 or so.
>
> Ok, this is wierd.  On my testing/devel box, I'm running the rules from
CVS
> and I'm at around 640 or so.   Unless you've pruned already, those numbers
> sound _real_ low.
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
>





More information about the Snort-users mailing list