[Snort-users] Eliminating rulesets

Jeff Elkins jeff at ...4830...
Sat Feb 9 10:43:03 EST 2002


I'm not trying to promote alcohol usage, but I have a newbie question:

I'm evaluating Snort on a Linux DSL/firewall box that also serves as a mail 
server and webserver (Sendmail/Apache).  The boxen inside the firewall are 
all Linux as well. I've commented out the Microsoft-specific rulesets 
(IIS,Frontpage and Cold Fusion). Other than statistics gathering, is there 
any reason I'd want them applied?

I was getting a _bunch_ of IIS alerts before I turned them off, btw.

Thanks,

Jeff Elkins








More information about the Snort-users mailing list