[Snort-users] some commented rules default?

John Sage jsage at ...2022...
Sun Jun 8 20:41:04 EDT 2003


um..

On Mon, Jun 09, 2003 at 11:15:13AM +0900, sb ch wrote:
> Hello, all.
> 
> When I check main config file, snort.conf.
> I can see some commented rules like this.
> Why these rules are commented default?


How closely did you "check" it?


> # include $RULE_PATH/web-attacks.rules
> # include $RULE_PATH/backdoor.rules
> # include $RULE_PATH/shellcode.rules
> # include $RULE_PATH/policy.rules
> # include $RULE_PATH/porn.rules
> # include $RULE_PATH/info.rules
> # include $RULE_PATH/icmp-info.rules
> # include $RULE_PATH/virus.rules
> # include $RULE_PATH/chat.rules
> # include $RULE_PATH/multimedia.rules
> # include $RULE_PATH/p2p.rules


At the top of all the rules:

#=========================================
# Include all relevant rulesets here
#
# shellcode, policy, info, backdoor, and virus rulesets are
# disabled by default.  These require tuning and maintance.
# Please read the included specific file for more information.
#=========================================



- John
-- 
"Obviously, we do not want to leave zombies around."




More information about the Snort-users mailing list