Snort mailing list archives
Disable all rules for a platform?
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Wed, 27 Jun 2001 13:17:49 -0400
Hello,

I wanted to get everyone's opinion on this. Does anyone recommend shutting off all rules for a certain platform if they don't have that platform in their environment? For example, if I have an all-Unix environment, does anyone out there disable all Microsoft related rules? I mean if a hacker can't detect what OS I'm running on my web servers and throw attacks at it that are for another platform, then they aren't very good hackers anyway and really aren't much of a threat. I figure that Snort needs every cycle it can get so why not get rid of all rules applying to platforms I don't have?

The second question is, if I did want to disable checks for a platform, it doesn't appear to be an easy task... it looks like all rules are mixed together throughout the rules files.

Any feedback would be appreciated!

Thanks,
Paul