[Snort-users] Snort rules touble.

Jason Gauthier jgauthier at ...6155...
Fri Jun 21 12:35:02 EDT 2002


I added necassary variables to use the latest rules to my snort.conf,
merging any necassary differences.
I'm up to speed now and all is running.

Now I need to simulate some probes/attacks to make sure it's actually
working.

Thanks to all,

Jason

>-----Original Message-----
>From: Matt Kettler [mailto:mkettler at ...4108...]
>Sent: Friday, June 21, 2002 3:33 PM
>To: Jason Gauthier; snort-users at lists.sourceforge.net
>Subject: RE: [Snort-users] Snort rules touble.
>
>
>Yes, it's also why snortrules.tar.gz contains a snort.conf,  
>so that you 
>can look at it for new things you need to include :)
>
>I'd first get things up and running using the supplied rules.
>
>If you then want to try using snortrules.tar.gz, try it, but 
>be aware of 
>the pitfalls involved in assuming you can just use new .rules 
>files with an 
>older.conf file ;)
>
>
>At 02:41 PM 6/21/2002 -0400, Jason Gauthier wrote:
>>I understand now.
>>
>>The rules supplied separately have variables supplied for the ports.
>>The rules supplied with the distribution have them staticly entered.
>>
>>Thanks a lot!
>>
>>
>>
>> >-----Original Message-----
>> >From: Slighter, Tim [mailto:tslighter at ...5174...]
>> >Sent: Friday, June 21, 2002 2:36 PM
>> >To: 'Jason Gauthier'; snort-users at lists.sourceforge.net
>> >Subject: RE: [Snort-users] Snort rules touble.
>> >
>> >
>> >Just like Matt Kettler said,  and pretty sure he is right.  
>You need to
>> >stick with the rules that come with the 1.86 build and NOT use the
>> >snortrules.tar.gz
>




More information about the Snort-users mailing list