[Snort-users] Eliminating rulesets

Phil Wood cpw at ...440...
Sat Feb 9 15:10:02 EST 2002


On Sat, Feb 09, 2002 at 01:42:42PM -0500, Jeff Elkins wrote:
> I'm not trying to promote alcohol usage, but I have a newbie question:
> 
> I'm evaluating Snort on a Linux DSL/firewall box that also serves as a mail 
> server and webserver (Sendmail/Apache).  The boxen inside the firewall are 
> all Linux as well. I've commented out the Microsoft-specific rulesets 
> (IIS,Frontpage and Cold Fusion). Other than statistics gathering, is there 
> any reason I'd want them applied?

You might want to invert them.

> 
> I was getting a _bunch_ of IIS alerts before I turned them off, btw.
> 
> Thanks,
> 
> Jeff Elkins
> 
> 
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Phil Wood, cpw at ...440...





More information about the Snort-users mailing list