[Snort-users] Making snort smarter...

Jason Haar Jason.Haar at ...294...
Tue Apr 29 14:35:03 EDT 2003


One word of warning: if you start altering the rules so that some rules
don't apply to some hosts, you'd better make sure you *intimately*
understand everything to do with those rules and hosts and *know for sure*
that there's no way in hell that rule would ever trigger against other hosts. 

e.g. I can easily see people dropping the CGI checks for their IIS servers,
unaware that ActivePerl had been installed on them...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1




More information about the Snort-users mailing list