[Snort-users] Making snort smarter...

Paul Schmehl pauls at ...6838...
Tue Apr 29 07:50:18 EDT 2003


Sure, I could do that, and then I'd have to cron it so that after 
oinkmaster replaces the rules they get fixed again.

Wouldn't it be simpler to just incorporate this as a change to the ruleset? 
That way it's fixed for everyone.

--On Tuesday, April 29, 2003 09:03:50 PM +1200 Jason Haar 
<Jason.Haar at ...294...> wrote:

> Paul Schmehl wrote:
>> For the specific example you give I think it would be entirely
>> appropriate to create a var called "$IIS_SERVERS" and then put all the
>> *other* webservers under $HTTP_SERVERS.  I've suggested this before, and
>> I'd love to see it implemented in the rules, because IIS is a beast unto
>> itself.
>
> Good idea - but as all IIS rules are within web-iis.rules, why not just
> script a rewrite?
>
> echo "var IIS_SERVERS [1.2.3.4/32,2.3.4.1/32]"
> sed 's/HTTP_SERVERS/IIS_SERVERS/g' web-iis.rules
>
>
> Jason
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu




More information about the Snort-users mailing list