[Snort-users] Snort rules touble.
jgauthier at ...6155...
Fri Jun 21 12:35:02 EDT 2002
I added necassary variables to use the latest rules to my snort.conf,
merging any necassary differences.
I'm up to speed now and all is running.
Now I need to simulate some probes/attacks to make sure it's actually
Thanks to all,
>From: Matt Kettler [mailto:mkettler at ...4108...]
>Sent: Friday, June 21, 2002 3:33 PM
>To: Jason Gauthier; snort-users at lists.sourceforge.net
>Subject: RE: [Snort-users] Snort rules touble.
>Yes, it's also why snortrules.tar.gz contains a snort.conf,
>so that you
>can look at it for new things you need to include :)
>I'd first get things up and running using the supplied rules.
>If you then want to try using snortrules.tar.gz, try it, but
>be aware of
>the pitfalls involved in assuming you can just use new .rules
>files with an
>older.conf file ;)
>At 02:41 PM 6/21/2002 -0400, Jason Gauthier wrote:
>>I understand now.
>>The rules supplied separately have variables supplied for the ports.
>>The rules supplied with the distribution have them staticly entered.
>>Thanks a lot!
>> >-----Original Message-----
>> >From: Slighter, Tim [mailto:tslighter at ...5174...]
>> >Sent: Friday, June 21, 2002 2:36 PM
>> >To: 'Jason Gauthier'; snort-users at lists.sourceforge.net
>> >Subject: RE: [Snort-users] Snort rules touble.
>> >Just like Matt Kettler said, and pretty sure he is right.
>You need to
>> >stick with the rules that come with the 1.86 build and NOT use the
More information about the Snort-users