Snort mailing list archives
Re: Can snort be smarter?
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Tue, 2 Jul 2002 11:27:37 +1200
On Mon, Jul 01, 2002 at 03:01:14PM -0700, Kevin Brown wrote:
Why not set up the rules yourself to only trigger when they go after your IIS servers or apache servers? Define a few more variables in your snort.conf file to cover IIS servers or apache or whatever app, then in the rules use that definition to replace the default.
...because that actually requires me to know what's on my networks :-) Unfortunately, I don't have that level of control over all the networks I want to run IDSes on. :-( ...although it may be worth scripting for - a little bit of nmap and nc could go a long way... Hmmmmm -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Can snort be smarter? Jason Haar (Jul 01)
- <Possible follow-ups>
- RE: Can snort be smarter? Kevin Brown (Jul 01)
- Re: Can snort be smarter? Jason Haar (Jul 01)