[Snort-users] Customizing snort rules

Rodrigo B. Ramos rodrigo.ramos at ...11361...
Wed Apr 7 09:49:03 EDT 2004


Hi Simon,


You should configure your snort.conf.

For example:

Configure your server lists.  This allows snort to only look for attacks
to systems that have a service up.  Why look for HTTP attacks if you are
not running a web server?

Configure your service ports.  This allows snort to look for attacks
destined to a specific application only on the ports that application
runs on.

Customize your rule set.


Best regards,
Rodrigo Ramos
http://www.triforsec.com.br
http://www.defenselayer.com



On Tue, 2004-04-06 at 05:59, simonkc at ...11578... wrote:
> Hi,
> 
> Can anyone point me in the direction of any document explaining how to
> customize snort rules.
> I have a situation wherein the Snort IDS is alerting even for normal SNMP
> requests and traps. How do I disable these alerts for only specific SNMP
> management stations but keep the SNMP rule turned on?
> 
> Thanks and Regards   
> 
> Simon 





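A sketch of the tuning discussed in this thread, added here as an example and not taken from either poster's configuration: a snort.conf fragment that narrows the server list and service port, then suppresses SNMP alerts only for one management station while the rules stay enabled. All addresses are constructed placeholders, and `<SNMP_REQUEST_SID>` and `<SNMP_TRAP_SID>` stand for the sig_id values shown in your own alerts.

```conf
# snort.conf fragment (added example; addresses are constructed placeholders)

var HOME_NET 192.0.2.0/24
var EXTERNAL_NET !$HOME_NET

# Server list. Broad setting, every host is treated as a web server:
#   var HTTP_SERVERS $HOME_NET
# Narrowed setting, only the hosts that actually run a web server:
var HTTP_SERVERS [192.0.2.10/32,192.0.2.11/32]

# Service port. HTTP rules are evaluated only for traffic to this port.
var HTTP_PORTS 80

# Suppression. The SNMP rules stay enabled for every other host.
# Assumed management station: 192.0.2.50
# Requests originate from the station, so match on the source address.
suppress gen_id 1, sig_id <SNMP_REQUEST_SID>, track by_src, ip 192.0.2.50
# Traps are sent to the station, so match on the destination address.
suppress gen_id 1, sig_id <SNMP_TRAP_SID>, track by_dst, ip 192.0.2.50
```

Suppression only hides alerts for the listed address, so SNMP traffic from any other source still triggers the rule.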