[Snort-users] how to acquire best setting of snort rules?

Joel Esler jesler at ...1935...
Sun Apr 17 09:34:15 EDT 2011


On Apr 16, 2011, at 9:34 AM, "M.Turner Turner" <msbzag at ...11827...> wrote:

> how to acquire best setting of snort rules?
> 
> Can I change the action of all rules to reject, to achieve the best security?

You can, but I don't think I'd recommend that. You'd reject legitimate traffic as well as harmful. I'd also recommend "drop" instead of reject.


> 
> Can I enable all rules, to achieve the best security?

You can, but performance on the sensor would be hurt, and you'd have to deal with a very large alert rate. 

You should try a Snort install and give it a shot. 
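
An added example, not part of the original message and not Snort project code: a Python script for the selective alternative to changing every rule's action, setting "drop" only on chosen SIDs and leaving disabled (commented-out) rules disabled. The sample rules, the SIDs and the function name set_drop are constructed for illustration.

```python
import re

# Constructed sample rules (not from any real rule set); SIDs are made up.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE web probe"; content:"/probe"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE ssh banner"; content:"SSH-"; sid:1000002; rev:1;)
# alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"EXAMPLE noisy dns"; sid:1000003; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"EXAMPLE ping"; sid:1000004; rev:1;)
"""

# A rule line: optional leading '#' (disabled), an action, then a body with a sid.
RULE_RE = re.compile(
    r'^(?P<off>#\s*)?(?P<action>alert|log|pass|drop|reject|sdrop)\s+'
    r'(?P<rest>.*\bsid\s*:\s*(?P<sid>\d+)\s*;.*)$'
)

def set_drop(rules_text, drop_sids):
    """Set the action to drop only for enabled rules whose SID is listed."""
    out = []
    stats = {"enabled": 0, "disabled": 0, "changed": 0}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:                      # blank line or ordinary comment
            out.append(line)
            continue
        if m.group("off"):             # disabled rule: count it, leave it alone
            stats["disabled"] += 1
            out.append(line)
            continue
        stats["enabled"] += 1
        if int(m.group("sid")) in drop_sids and m.group("action") != "drop":
            line = "drop " + m.group("rest")
            stats["changed"] += 1
        out.append(line)
    return "\n".join(out) + "\n", stats

if __name__ == "__main__":
    # 1000003 is listed but disabled, so it stays disabled and unchanged.
    new_rules, stats = set_drop(SAMPLE_RULES, {1000001, 1000003})
    print(new_rules)
    print(stats)
```

The "drop" action only blocks traffic when Snort runs inline; the counts show how many rules are enabled, which is what drives sensor load and alert volume.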


