Snort mailing list archives
Re: Customizing snort rules
From: "Rodrigo B. Ramos" <rodrigo.ramos () triforsec com br>
Date: Wed, 07 Apr 2004 13:44:47 -0300
Hi Simon,

You should configure your snort.conf. For example:

- Configure your server lists. This allows snort to only look for attacks to systems that have a service up. Why look for HTTP attacks if you are not running a web server?
- Configure your service ports. This allows snort to look for attacks destined to a specific application only on the ports that application runs on.
- Customize your rule set.

Best regards,
Rodrigo Ramos
http://www.triforsec.com.br
http://www.defenselayer.com

On Tue, 2004-04-06 at 05:59, simonkc () netsol co in wrote:
Hi,

Can anyone point me in the direction of any document explaining how to customize snort rules? I have a situation wherein the Snort IDS is alerting even for normal SNMP requests and traps. How do I disable these alerts for only specific SNMP management stations but keep the SNMP rule turned on??

Thanks and Regards
Simon

-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration. http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
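Added example, not part of the original messages: a snort.conf fragment showing the three steps from the reply (server lists, service ports, a customized rule) applied to the SNMP case in the question. All addresses are constructed documentation-range values, and `SNMP_MGMT`, the local rule text and its sid are assumptions made for illustration.

```conf
# --- snort.conf (Snort 2.x "var" syntax; later 2.x releases use ipvar/portvar) ---

# Network being monitored (constructed example range).
var HOME_NET 192.0.2.0/24
var EXTERNAL_NET !$HOME_NET

# 1. Server lists: name only the hosts that actually run each service, so
#    rules written against $HTTP_SERVERS are not evaluated for other hosts.
var HTTP_SERVERS 192.0.2.80/32
var SNMP_SERVERS [192.0.2.1/32,192.0.2.2/32]

# 2. Service ports: the port the application really listens on.
var HTTP_PORTS 80

# Hypothetical variable (not a stock snort.conf name): the management
# stations whose SNMP polling is expected traffic.
var SNMP_MGMT [192.0.2.10/32,192.0.2.11/32]

# 3. Customized rule set: a local rule (normally kept in local.rules) that
#    still alerts on SNMP requests to the SNMP agents, except when the
#    source is one of the management stations. sid 1000001 is a constructed
#    value in the range reserved for local rules.
alert udp !$SNMP_MGMT any -> $SNMP_SERVERS 161 (msg:"LOCAL SNMP request from non-management host"; classtype:attempted-recon; sid:1000001; rev:1;)

# Alternative that leaves a stock rule untouched: a suppress entry in
# threshold.conf, one line per management station. Replace the placeholder
# with the sid printed in the alert you want to silence.
# suppress gen_id 1, sig_id <sid-from-alert>, track by_src, ip 192.0.2.10
# suppress gen_id 1, sig_id <sid-from-alert>, track by_src, ip 192.0.2.11
```

If the local rule replaces a stock SNMP rule, comment out the stock one so both do not fire on the same packet; running `snort -T -c snort.conf` checks that the edited configuration still parses.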