[Snort-users] request for new Classification?

Rich Adamson radamson at ...2127...
Fri Sep 17 09:49:01 EDT 2004


What's the proper way to request new Classification strings for the
classification.config file?

Would like to see something that describes 'very serious activity'
that needs to be escalated and resolved ASAP. For example, while
sniffing traffic on a DMZ where only https should reside, I'd like
to alert on ftp, telnet, or other rather generic protocols that should
_never_ occur (could be inbound or outbound).

On the backend of the alerting process, I'd like to initiate pager 
alerts based on keywords, etc. Fully understand the keywords can be
part of the Msg, but none of the Classifications suggest anything
as serious as what might be happening.

Thoughts?

Rich
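The setup asked about above, sketched as an added example that is not part of the original post or of Snort itself: classification.config takes site-local entries in the form `config classification: shortname,short description,priority`, and a backend can page on the resulting `[Classification: ...]` field instead of keywords in the message. The class name `dmz-forbidden-protocol`, its description, the SIDs and the alert lines are all constructed for illustration.

```python
import re

# Constructed classification.config content. The first entry mirrors a stock
# Snort class; "dmz-forbidden-protocol" is a hypothetical local addition that a
# local rule would select with classtype:dmz-forbidden-protocol;
CLASSIFICATION_CONFIG = """\
# config classification: shortname,short description,priority
config classification: attempted-recon,Attempted Information Leak,2
config classification: dmz-forbidden-protocol,Forbidden Protocol In DMZ,1
"""

# Constructed alert_fast-style lines (addresses are documentation ranges).
SAMPLE_ALERTS = [
    "09/17-09:49:01.000001  [**] [1:1000001:1] DMZ FTP control connection [**] "
    "[Classification: Forbidden Protocol In DMZ] [Priority: 1] {TCP} 198.51.100.7:40112 -> 192.0.2.10:21",
    "09/17-09:49:02.000002  [**] [1:1000003:1] Constructed recon alert [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {ICMP} 198.51.100.9 -> 192.0.2.10",
    "09/17-09:49:03.000003  [**] [1:1000002:1] DMZ Telnet connection [**] "
    "[Classification: Forbidden Protocol In DMZ] [Priority: 1] {TCP} 192.0.2.10:1044 -> 203.0.113.5:23",
]

PAGE_CLASSES = {"dmz-forbidden-protocol"}  # shortnames that trigger a page

CONFIG_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),([^,]+),\s*(\d+)\s*$")
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]+)\]\s+\[Priority:\s*(?P<prio>\d+)\]")

def load_classifications(text):
    """Map each class description to (shortname, priority); comments are skipped."""
    classes = {}
    for line in text.splitlines():
        m = CONFIG_RE.match(line)
        if m:
            name, desc, prio = (g.strip() for g in m.groups())
            classes[desc] = (name, int(prio))
    return classes

def alerts_to_page(alert_lines, classes, page_classes=PAGE_CLASSES):
    """Return (sid, msg) for alerts whose classification is in page_classes."""
    hits = []
    for line in alert_lines:
        m = ALERT_RE.search(line)
        # Alert lines carry the description, so map it back to the shortname.
        name = classes.get(m.group("cls").strip(), (None, 0))[0] if m else None
        if name in page_classes:
            hits.append((int(m.group("sid")), m.group("msg")))
    return hits
```

Matching on the classification rather than the message text keeps the paging policy in one place: any rule assigned the local classtype escalates without the backend needing to know its wording.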





