Snort mailing list archives
rules set
From: "Don" <Don () WeberOnTheWeb com>
Date: Mon, 25 Nov 2002 13:30:50 -0800
Is there anywhere that has a rules set specifically tuned to O/S or target criteria? For instance, if I have ONLY Windows and SQL, I don't need to load the other 14000 rules that look for other types of attacks, and on another network I'd only need *nix type of attacks. Has anyone possibly come up with a ruleset based on this idea? It could help reduce the workload on the sensors if there were something like this around. Heck, I'd be happy even with each of the rules having the targeted O/S identified in the rule. But some rules I just do not recognize, so I am not sure whether or not I might need them.

An idea would be a ruleset for 'windows', a ruleset for SQL, one for IIS, etc. These could each be used as a primary ruleset. Then the remaining rules could be add-ons or something.

Don