[Snort-users] 3 questions on rules

Erek Adams erek at ...950...
Thu May 15 13:04:14 EDT 2003

On Thu, 15 May 2003, Garrett.Allen at ...8966... wrote:

> thanks for your quick and insightful reply.

No problem.

> an add on question, if i may. regarding the "p2p gnutella get", isn't
> gnutella a file share community? so this would be a potential means
> of information sharing that may or may not be permissible, based on
> corporate security policies.  hence the attack rule?

Right.  The policy.rules file has quite a few rules that _might_ be
against corporate policy.  You have to look at them and decide what you
want.  If you'll check the archives [0], you'll come across quite a few
messages that discuss p2p systems and their abuse.  IIRC, one person
mentioned they were able to reduce current bandwidth usage by about 60% in
a college dorm situation.

Hope that helps!

Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2

