[Snort-users] pulledpork

James snort at ...16635...
Tue Jun 28 09:11:51 EDT 2016


Hello all,

I'm a bit stuck with setting up pulledpork for the first time, specifically
disabling certain rules. I've read flowbits can cause this, but that's not
present in the first one I've checked. My pulledpork.conf points to the
correct location for disablesid.conf, in which I've listed out a few like:

3:19187 # PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt

When I re-run pulledpork.pl it says no rule changes are made and when I
then restart Snort, I still see these rules firing.

While I'm here trying to solve that I may as well ask another question: Can
I also use disablesid.conf to disable things like certain http_inspect
and/or stream5 events, which don't appear to exist in the snort.rules file
pulledpork uses?

Thanks for your wisdom.

James
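
An added diagnostic, not part of the original post and not PulledPork's own code: it cross-checks plain gid:sid entries from a disablesid.conf against the text of a generated rules file and reports whether each rule is enabled, commented out, or absent. It assumes a disabled rule is written as a commented-out rule line and that a rule with no gid option belongs to generator 1; only the 3:19187 entry comes from the post, and all other sample rules and SIDs are constructed.

```python
import re

# Rule line, optionally commented out ("# alert ..."); group 1 is the "#".
RULE_RE = re.compile(r'^\s*(#\s*)?(alert|log|pass|drop|reject|sdrop)\s.*\(.*\)\s*$')
SID_RE = re.compile(r'[;(]\s*sid\s*:\s*(\d+)\s*;')
GID_RE = re.compile(r'[;(]\s*gid\s*:\s*(\d+)\s*;')
ENTRY_RE = re.compile(r'^(\d+):(\d+)$')

# Constructed sample inputs; only the 3:19187 entry is taken from the post.
SAMPLE_DISABLESID = """\
3:19187 # PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt
1:1000001,1:1000002
"""
SAMPLE_RULES = """\
alert udp any 53 -> any any (msg:"constructed stub"; sid:19187; gid:3; rev:1;)
# alert tcp any any -> any 80 (msg:"constructed A"; sid:1000001; rev:1;)
"""

def parse_disable_list(text):
    """Return the (gid, sid) pairs given as plain gid:sid entries."""
    wanted = set()
    for line in text.splitlines():
        line = line.split('#', 1)[0]  # drop the trailing comment
        for item in line.split(','):
            m = ENTRY_RE.match(item.strip())
            if m:
                wanted.add((int(m.group(1)), int(m.group(2))))
    return wanted

def index_rules(text):
    """Map (gid, sid) -> 'enabled' or 'disabled' for each rule line."""
    state = {}
    for line in text.splitlines():
        m, sid = RULE_RE.match(line), SID_RE.search(line)
        if not (m and sid):
            continue
        gid = GID_RE.search(line)
        key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))  # assumed default gid 1
        state[key] = 'disabled' if m.group(1) else 'enabled'
    return state

def audit(disable_text, rules_text):
    """Report how each requested gid:sid appears in the rules text."""
    rules = index_rules(rules_text)
    return {k: rules.get(k, 'absent') for k in sorted(parse_disable_list(disable_text))}

if __name__ == "__main__":
    for key, status in audit(SAMPLE_DISABLESID, SAMPLE_RULES).items():
        print("%d:%d %s" % (key[0], key[1], status))
```

An `absent` result means the rule is not defined in the file that was checked, so the entry has nothing to act on there.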