[Snort-users] Server lists defrined in snort.conf

Colin Grady colin.grady at ...11827...
Tue Apr 13 14:33:11 EDT 2010


Alejandro,

The variables should remain in place, whether updated or not, so that
you can continue to use the rules that reference them. You never know
when someone may turn up a rogue telnet service on your network, and
the Snort rules can help you 1) identify that rogue system and 2)
identify someone actively attempting to exploit that system. As a
general rule, keep the variables defined in the provided snort.conf in
place, and add new ones as necessary to facilitate your own rule
writing efforts.

Good luck!

Colin


On Tue, Apr 13, 2010 at 8:54 AM, Joel Esler <joel.esler at ...14399...> wrote:
> If you don't have systems that run the telnet service, then you don't have
> to do anything.
>
> --
> Joel Esler
> Sent from my iPhone
> On Apr 13, 2010, at 9:47 AM, Alejandro Cabrera Obed <aco1967 at ...11827...>
> wrote:
>
> Joel, so what do I have to maintain var TELNET_SERVERS line in snort.conf if
> I have not a telnet server in my network ??? can you explain to me please
> ???
> Thanks again !!!
>
> 2010/4/13 Joel Esler <joel.esler at ...14399...>
>>
>>
>> --
>> Joel Esler
>> Sent from my iPhone
>>
>> On Apr 13, 2010, at 9:36 AM, Alejandro Cabrera Obed <aco1967 at ...11827...>
>> wrote:
>>
>>> Dear, I see that snort.conf has defined the following server lists:
>>>
>>> var DNS_SERVERS $HOME_NET
>>> var SMTP_SERVERS $HOME_NET
>>> var HTTP_SERVERS $HOME_NET
>>> var SQL_SERVERS $HOME_NET
>>> var TELNET_SERVERS $HOME_NET
>>> var FTP_SERVERS $HOME_NET
>>> var SNMP_SERVERS $HOME_NET
>>>
>>> Two short questions:
>>>
>>> 1) Should I have to comment TELNET_SERVERS and SNMP_SERVERS if I have not
>>> these type of services in my network ???
>>
>> No.
>>
>>
>>>
>>> 2) Should I have to add a new server line if I have a LDAP server ???
>>
>> You can, but it's not necessary to do so unless you are going to write
>> rules to use that variable. But generally, no.
>>
>>
>>>
>>> Special thanks
>>>
>>> A:)
>>>
>>> ------------------------------------------------------------------------------
>>> Download Intel® Parallel Studio Eval
>>> Try the new software tools for yourself. Speed compiling, find bugs
>>> proactively, and fine-tune applications for parallel performance.
>>> See why Intel Parallel Studio got high marks during beta.
>>> http://p.sf.net/sfu/intel-sw-dev
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
> --
> Alejandro Cabrera Obed
> aco1967 at ...11827...
> www.alejandrocabrera.com.ar
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list