Snort mailing list archives
Fine tuning Snort
From: "James Lay" <jlay () slave-tothe-box net>
Date: Thu, 7 Oct 2010 10:26:19 -0600
Hello All. So I'm needing to fine tune snort a bit. I get a high amount of FP's on things like:

Emails with .jpg's:
[1:12798:3] SHELLCODE base64 x86 NOOP [**] [Classification: Executable Code was Detected]

exe downloads from Windows Updates:
[1:15306:4] WEB-CLIENT Portable Executable binary file transfer
[1:2000419:12] ET POLICY PE EXE or DLL Windows file download

I'd rather not just comment out these rules....what are other folks doing to minimize FP's?

Thank you.

James