[Snort-users] Eliminating rulesets
jeff at ...4830...
Sat Feb 9 10:43:03 EST 2002
I'm not trying to promote alcohol usage, but I have a newbie question:
I'm evaluating Snort on a Linux DSL/firewall box that also serves as a mail
server and webserver (Sendmail/Apache). The boxen inside the firewall are
all Linux as well. I've commented out the Microsoft-specific rulesets
(IIS,Frontpage and Cold Fusion). Other than statistics gathering, is there
any reason I'd want them applied?
I was getting a _bunch_ of IIS alerts before I turned them off, btw.
More information about the Snort-users