Snort mailing list archives

RE: Thoughts on internal vs. external IDS rulesets


From: "Chris Eidem" <ceidem () Dexma com>
Date: Wed, 10 Apr 2002 11:28:07 -0500

Common exploits - this is where the problem lies.

With Microsoft servers, just using them causes a raft of false positives
and I've lost too much sleep trying to cope with pass rules.  Developers
accessing servers to add code or people using Exchange cause such a
blizzard of activity, I'm beginning to get /really/ frustrated.

But I will keep an eye on portscans, thanks for reminding me.

 - chris

-----Original Message-----
From: Steve Ochani [mailto:jpegny () optonline net]
Sent: Wednesday, April 10, 2002 11:14 AM
To: Chris Eidem
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Thoughts on internal vs. external IDS
rulesets


On 10 Apr 2002 at 10:43, Chris Eidem wrote:

What do y'all look for running around in your network?  Virii?  PtP
programs?  Outbound unauthorized connections?  Anything I haven't
mentioned?

Besides what you mentioned I also look for the common exploits and am
trying to set up portscan detection from servers being used by students.


