[Snort-users] Eliminating rulesets
cpw at ...440...
Sat Feb 9 15:10:02 EST 2002
On Sat, Feb 09, 2002 at 01:42:42PM -0500, Jeff Elkins wrote:
> I'm not trying to promote alcohol usage, but I have a newbie question:
> I'm evaluating Snort on a Linux DSL/firewall box that also serves as a mail
> server and webserver (Sendmail/Apache). The boxen inside the firewall are
> all Linux as well. I've commented out the Microsoft-specific rulesets
> (IIS,Frontpage and Cold Fusion). Other than statistics gathering, is there
> any reason I'd want them applied?
You might want to invert them.
> I was getting a _bunch_ of IIS alerts before I turned them off, btw.
> Jeff Elkins
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Phil Wood, cpw at ...440...
More information about the Snort-users