[Snort-users] Disable by name in pulled pork

Y M snort at ...15979...
Thu Jun 19 14:58:38 EDT 2014



> From: fivetenets at ...14399...
> Date: Thu, 19 Jun 2014 14:47:28 -0400
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Disable by name in pulled pork
> 
> I saw this on a forum page. Is this possible to do in pulled pork?
> 
> I want to disable some rules but don't know exactly how or the sid ID. I like this way if it works. 
> 
> I just don't know where or how these disable rules were entered.
> 
> Thanks!
> 
> OK. Deleted the entries on...
> Applications > IDS Rules >Disabled Downloaded Rules
> # Disable "stream5: TCP Small Segment Threshold Exceeded"
> # Disable "ssh: Protocol mismatch"
> # Disable "http_inspect: LONG HEADER"
> # Disable "sensitive_data: sensitive data global threshold exceeded"
> # Disable "stream5: Reset outside window"
> # Disable "http_inspect: MESSAGE WITH INVALID CONTENT-LENGTH OR CHUNK SIZE"
> 
> Nick
> 
These seem like comments/documentation to me, specially with the first line saying "Applications > IDS.....". I think you may be abel to achieve the same with pcre? Haven't done it before though.
YM
> ------------------------------------------------------------------------------
> HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
> Find What Matters Most in Your Big Data with HPCC Systems
> Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
> Leverages Graph Analysis for Fast Processing & Easy Data Exploration
> http://p.sf.net/sfu/hpccsystems
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140619/da4ac199/attachment.html>


More information about the Snort-users mailing list