[Snort-users] Newbie needs help with SID countermeasure

Martin Roesch roesch at ...1935...
Mon Aug 2 20:21:24 EDT 2004


Hi Kevin,

None of those rules is particularly critical, especially if you're 
running an Apache server.  Check the rule documents for those SIDs if 
you want more info about the particular rules that are firing.

Remember, just because we write a rule doesn't mean you have to run it!

      -Marty


On Jul 30, 2004, at 11:24 PM, Kevin Old wrote:

> Hello everyone,
>
> I'm still very new to Snort and have got it working with ACID.  I'm
> trying to block offensive activity that is being logged by Snort.
>
> I've got a few SID's 1288, 1852, 1013, 1012 that keep showing up in
> ACID and I'm trying to figure out a way to block them or keep them
> from showing up in ACID.
>
> I've done everything the countermeasures say, but most just say to
> make sure that packages are up to date.
>
> I'm running RH 9.0, with Apache 1.3.31 and the latest mod_frontpage.
>
> Any suggestions?
>
> -- 
> Kevin Old
> kevinold at ...11827...
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by OSTG. Have you noticed the changes on
> Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now,
> one more big change to announce. We are now OSTG- Open Source 
> Technology
> Group. Come see the changes on the new OSTG site. www.ostg.com
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Intelligent Security Monitoring
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-users mailing list