[Snort-users] which rules to load ?

Pratik Narang pratik.cse.bits at ...11827...
Wed Aug 29 07:07:54 EDT 2012


Alright, this might sound like a total noob question, but I am badly
stuck on this:

How is it to be decided which Snort rules I should
enable/uncomment? The purpose is to configure Snort as an IDS to
monitor network activity, and alert against the standard set of things
an IDS should alert against: buffer overflow attacks, injection
attacks, port scans & information leaks to name a few, or in general,
the attempts to detect/exploit vulnerabilities, leak data and evade
policies.

Is there anyone out there who is running Snort for a commercial
environment or at least for a medium sized network? How does one
shortlist the .rules files to be used and the rules (in them) to be
enabled?

Thanks...
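As an added example (not from the post, and not Snort's own code): a small Python helper that inventories a Snort .rules file, recording which rules are active and which are commented out per classtype, so the coverage a given selection gives can be checked before enabling more. The rules text below is constructed for the example; the helper names are mine.

```python
import re
from collections import defaultdict

# Constructed sample .rules content (not real Snort ruleset lines).
SAMPLE_RULES = """\
# ---- constructed sample rules file ----
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"WEB-ATTACK sql injection attempt"; content:"' or 1=1"; nocase; classtype:web-application-attack; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP long USER overflow attempt"; content:"USER "; dsize:>200; classtype:attempted-admin; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SCAN nmap XMAS"; flags:FPU; classtype:attempted-recon; sid:1000003; rev:1;)
#alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"POLICY suspicious DNS TXT"; content:"|00 10|"; classtype:policy-violation; sid:1000004; rev:1;)
# just a comment, not a rule
"""

# A rule line: optional leading '#' (disabled), an action keyword, a header,
# then the option block in parentheses.
RULE_RE = re.compile(
    r"^\s*(?P<disabled>#\s*)?"
    r"(?P<action>alert|log|pass|drop|reject|sdrop)\s+\S+\s+.*?\((?P<opts>.*)\)\s*$"
)

def _option(opts, name):
    """Return the value of option `name` from the option block, or None."""
    m = re.search(r"\b" + name + r":\s*\"?([^;\"]+)\"?\s*;", opts)
    return m.group(1).strip() if m else None

def parse_rules(text):
    """Parse rule lines; commented-out rules are kept with enabled=False."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # blank line or a plain comment, not a rule
        opts = m.group("opts")
        rules.append({
            "enabled": m.group("disabled") is None,
            "sid": _option(opts, "sid"),
            "msg": _option(opts, "msg"),
            "classtype": _option(opts, "classtype") or "(none)",
        })
    return rules

def coverage_by_classtype(rules):
    """Count enabled vs. disabled rules for each classtype."""
    summary = defaultdict(lambda: {"enabled": 0, "disabled": 0})
    for r in rules:
        summary[r["classtype"]]["enabled" if r["enabled"] else "disabled"] += 1
    return dict(summary)

def disabled_in(rules, wanted_classtypes):
    """Shortlist: disabled rules whose classtype is one you want coverage for."""
    return [r for r in rules if not r["enabled"] and r["classtype"] in wanted_classtypes]
```

Run it against a real ruleset by replacing SAMPLE_RULES with the contents of a .rules file; the classtype summary shows where a selection is thin.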



