[Snort-users] Barebones Snort Install

Thomas Hyslip thomas.hyslip at ...11827...
Fri Jan 3 19:30:30 EST 2014


Long story short, I want to install Snort with no rules or pre-processors.
Basically, I want to run Snort and write a few small rules myself to test
a theory, and I don't want any other alerts going off.

I installed Snort, barnyard2, etc. and everything is working fine, but I
can't get rid of a few pre-processor alerts. I have '#'-ed out all the lines
in snort.conf for rules and pre-processors but can't get rid of certain
alerts (http inspect: long header; stream5, tcp small segment threshold).

The other strange issue, I wrote a small rule just to test Snort for tcp
traffic to any external on port 80 and it worked. But I have deleted the
rule and restarted, and I am still getting alerts for the rule.

I would love to fix this install, but if not possible, any advice on a
fresh install with no signatures or rules in place would be very much
appreciated.

Thanks
Tom