Snort mailing list archives
RE: Thoughts on internal vs. external IDS rulesets
From: "Chris Eidem" <ceidem () Dexma com>
Date: Wed, 10 Apr 2002 11:28:07 -0500
Common exploits - this is where the problem lies. With Microsoft servers, just using them causes a raft of false positives and I've lost too much sleep trying to cope with pass rules. Developers accessing servers to add code or people using Exchange cause such a blizzard of activity, I'm beginning to get /really/ frustrated. But I will keep an eye on portscans, thanks for reminding me. - chris
-----Original Message----- From: Steve Ochani [mailto:jpegny () optonline net] Sent: Wednesday, April 10, 2002 11:14 AM To: Chris Eidem Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Thoughts on internal vs. external IDS rulesets On 10 Apr 2002 at 10:43, Chris Eidem wrote:What do y'all look for running around in your network? Virii? PtP programs? Outbound unauthorized connections? Anything I haven't mentioned?Besides what you mentioned I also look for the common exploits and am trying to set up portscan detection from servers being used by students.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Thoughts on internal vs. external IDS rulesets Chris Eidem (Apr 10)
- Re: Thoughts on internal vs. external IDS rulesets Steve Ochani (Apr 10)
- <Possible follow-ups>
- RE: Thoughts on internal vs. external IDS rulesets Chris Eidem (Apr 10)
- RE: Thoughts on internal vs. external IDS rulesets Sheahan, Paul (PCLN-NW) (Apr 10)
- RE: Thoughts on internal vs. external IDS rulesets Alwin Raymundo (Apr 11)
- RE: Thoughts on internal vs. external IDS rulesets Sheahan, Paul (PCLN-NW) (Apr 11)