[Snort-users] How we can identify and remove old signatures?

Joel Esler joel.esler at ...1935...
Sat Jun 16 08:20:15 EDT 2007

Sorry, to further answer your question, you need to analyze what you  
have on the network you are protecting.  Do you have IIS servers?   
No?  Then do you need to run web-iis.rules?
How about coldfusion webservers?
How about imap servers?
pop3 servers?
finger servers?

You get the point.  Then you can even delve into the categories and  
look at stuff like exploit.rules, do you have veritas backup on your  
network?  No?  Then do you need the veritas rules?  (I don't know if  
there is veritas rules in exploit.rules off the top of my head, I am  
just using an example.)

joel esler | security consultant | Sourcefire | pgp  key is public

On Jun 16, 2007, at 2:39 AM, bahamin takhtaei wrote:

> Hi,
> as you know snort has a lot of signatures that some of them are  
> expired now.
> Do you have any idea to identify and remove the expired signatures?  
> (I want to
> decrease the loading time)
> thank you in advanced,
> Bahamin
> Be a better Globetrotter. Get better travel answers from someone  
> who knows.
> Yahoo! Answers - Check it out.
> ---------------------------------------------------------------------- 
> ---
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/ 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20070616/b22d9434/attachment.html>

More information about the Snort-users mailing list