[Snort-users] [RGSPAM] Re: network bandwidth downs when snort inline is up

carlopmart carlopmart at ...11827...
Thu Oct 11 03:01:09 EDT 2007


Will Metcalf wrote:
> Yeah or mod_security, you could actually do av scanning with
> mod_security as well.
> 
> Regards,
> 
> Will
> 

It is a good idea, Will, but my customer needs to use an IDS (the web servers that I 
need to protect aren't Apache servers) ...


> On 10/10/07, Joel Esler <joel.esler at ...1935...> wrote:
>> These two rulesets are entirely comprised of "ip" rules.  Which are
>> the slowest kind.  If you are going to use Snort to do this type of
>> activity, I suggest you take the IP's in those rules and use them in
>> your iptables firewall, maybe Bleeding-threats can develop some type
>> of firewall rules.
>>
>> Try shutting these two rulesets off and try again.
>>
>>
>> --
>> joel esler
>> http://demo.sourcefire.com/jesler.pgp.key
>>
>>
>>
>> On Oct 10, 2007, at 12:38 PM, carlopmart wrote:
>>
>>> bleeding-compromised.rules
>>> bleeding-dshield.rules
>>
> 


-- 
CL Martinez
carlopmart {at} gmail {d0t} com
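
Joel Esler's suggestion quoted above (take the addresses out of the "ip" rulesets and block them in iptables instead), sketched as an added example that is not part of the original thread or of any project's code. It assumes each rule carries its addresses as the source field of an `alert ip` rule, either bare or as a bracketed list; the sample rules are constructed with documentation addresses, and the chain name `SNORT_IP_BLOCK` is hypothetical.

```python
import ipaddress
import re

# Constructed sample in the style of an "ip" blocklist rule (assumed format:
# bare or bracketed source address list); addresses are documentation ranges.
SAMPLE_RULES = r'''
# constructed comment line
alert ip [192.0.2.10,192.0.2.11,198.51.100.0/24] any -> $HOME_NET any (msg:"Constructed blocklist group 1"; sid:1000001; rev:1;)
alert ip [198.51.100.7,203.0.113.5,not-an-ip] any -> $HOME_NET any (msg:"Constructed blocklist group 2"; sid:1000002; rev:1;)
alert ip 203.0.113.128/25 any -> $HOME_NET any (msg:"Constructed single-net rule"; sid:1000003; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"Constructed non-ip rule"; sid:1000004; rev:1;)
'''

# Rule action, the "ip" protocol, then the source field (bare or [a,b,c]).
RULE_RE = re.compile(r'^\s*(?:alert|drop|reject|sdrop)\s+ip\s+(\[[^\]]*\]|\S+)\s')

def extract_sources(rules_text):
    """Return (collapsed IPv4 networks, skipped items) from every "ip" rule."""
    nets, skipped = set(), []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # comments, blank lines and non-"ip" rules
        for item in m.group(1).strip('[]').split(','):
            item = item.strip()
            try:
                nets.add(ipaddress.IPv4Network(item, strict=False))
            except ValueError:
                skipped.append(item)  # variables, "any", negations, malformed entries
    # Merge duplicates, adjacent hosts, and hosts already covered by a listed net.
    return list(ipaddress.collapse_addresses(nets)), skipped

def iptables_restore(nets, chain="SNORT_IP_BLOCK"):
    """Render an iptables-restore fragment that drops traffic from each network."""
    lines = ["*filter", f":{chain} - [0:0]"]
    lines += [f"-A {chain} -s {net} -j DROP" for net in nets]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, skipped = extract_sources(SAMPLE_RULES)
    print(iptables_restore(nets), end="")
    print("# skipped:", skipped)
```

Load the output with `iptables-restore --noflush` so existing rules are kept, and add a jump to the chain from the path Snort inline sits on.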



