[Snort-users] Rule Selection

Jose Maria Lopez jkerouac at ...12346...
Thu Feb 10 02:43:02 EST 2005


El jue, 10 de 02 de 2005 a las 19:30, Rudi Starcevic escribió:
> Hi,
> 
> A colleague of mine suggested to me that a machine with only port 80 
> open ( www server ) one should only use www Snort rules.
> That would mean not using alot of available rules for intrusion 
> detection, is that wise ?

If you *only* have port 80 open in your firewall then you only
need the HTTP rules. Or any rule that uses the port 80. That's the best 
option, I think.

> Thanks
> Best regards
> Rudi

Regards.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac at ...12346...
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"





More information about the Snort-users mailing list