[Snort-users] Can snort be smarter?
Jason.Haar at ...294...
Mon Jul 1 16:29:19 EDT 2002
On Mon, Jul 01, 2002 at 03:01:14PM -0700, Kevin Brown wrote:
> Why not set up the rules yourself to only trigger when they go after your
> IIS servers or apache servers? Define a few more variables in your
> snort.conf file to cover IIS servers or apache or whatever app, then in the
> rules use that definition to replace the default.
...because that actually requires me to know what's on my networks :-)
Unfortunately, I don't have that level of control over all the networks I
want to run IDSes on. :-(
...although it may be worth scripting for - a little bit of nmap and nc
could go a long way... Hmmmmm
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the Snort-users