[Snort-users] Barebones Snort Install
Thomas Hyslip
thomas.hyslip at ...11827...
Fri Jan 3 19:30:30 EST 2014
Long story short, I want to install Snort with one rules or pre-processors.
Basically, I want to run Snort and write a few small rules myself to test
a theory, and I don't want any other alerts going off.
I install Snort, barnyard2, etc and everything will working fine, but I
can't get rid of a few pre-processor alerts. I have '#' out all the lines
in snort.conf for rules and pre-processors but cant get ride of certain
alerts (http inspect: long header; stream5, tecp small segment threshold. )
The other strange issue, I wrote a small rule just to test Snort for tcp
traffic to any external on port 80 and it worked. But I have deleted the
rule and restarted, and I am still getting alerts for the rule.
I would love to fix this install, but if not possible, any advice on a
fresh install with no signatures or rules in place would be very much
appreciated.
Thanks
Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140103/f7d704d2/attachment.html>
More information about the Snort-users
mailing list