snort at ...16635...
Tue Jun 28 09:11:51 EDT 2016
I'm a bit stuck with setting up pulledpork for the first time, specifically
disabling certain rules. I've read flowbits can cause this, but that's not
present in the first one I've checked. My pulledpork.conf points to the
correct location for disablesid.conf, which I've listed out a few like:
3:19187 # PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt
When I re-run pulledpork.pl it says no rule changes are made and when I
then restart Snort, I still see these rules firing.
While I'm here trying to solve that I may as well ask another question: Can
I also use disablesid.conf to disable things like certain http_inspect
and/or stream5 events, which don't appear to exist in the snort.rules file?
Thanks for your wisdom.