[Snort-users] 3 questions on rules
erek at ...950...
Thu May 15 13:04:14 EDT 2003
On Thu, 15 May 2003, Garrett.Allen at ...8966... wrote:
> thanks for your quick and insightful reply.
> an add on question, if i may. regarding the "p2p gnutella get", isn't
> gnutella is a file share community. so this would be a potential means
> of information sharing that may or may not be permissable, based on
> corporate security policies. hence the attack rule?
Right. The policy.rules file has quite a few rules that _might_ be
against corporate policy. You have to look at them and decide what you
want. If you'll check the archives , you'll come across quite a few
messages that discuss p2p systems and their abuse. IIRC, one person
mentioned they were able to reduce current bandwidth usage by about 60% in
a college dorm situation.
Hope that helps!
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users