Snort mailing list archives
RE: Alert question???
From: "Hicks, John" <JHicks () JUSTICE GC CA>
Date: Tue, 13 Aug 2002 12:58:41 -0400
Depending on the scenario, they can be useful for detecting 'unwanted' usage of network services. These types of rules, along with MSN, IRC and the like, I separate into a 'Policy' node that gets much less regular monitoring.

John Hicks

-----Original Message-----
From: quentyn () fotango com [mailto:quentyn () fotango com]
Sent: Tuesday, August 13, 2002 12:52 PM
To: Joe Giles
Cc: Know How; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Alert question???

Joe Giles wrote:
Actually, I have been getting this too. I think it's a bug. If you look at the packet data, there is probably a word in there that starts or ends with VIRGIN. Like, for example, VIRGINIA. LOL... I just disabled the PORN section and use another app for that :)...
Hope this helps..
I thought that the porn rules were a piss take anyway? I thought that their presence was due to the other IDS vendors saying that they had them as a selling point?

Q

--
#####################
Quentyn Taylor
Sysadmin - Fotango
#####################
`Naturally, a sysadmin's entire person is holy. We have the power to kill daemons.' Mike Sphar

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users