Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Disable by name in pulled pork

From: Nicholas Horton <fivetenets () me com>
Date: Thu, 19 Jun 2014 14:47:28 -0400
I saw this on a forum page. Is this possible to do in pulled pork?

I want to disable some rules but don't know exactly how or the sid ID. I like this way if it works. 

I just don't know where or how these disable rules were entered.

Thanks!

OK. Deleted the entries on...
Applications > IDS Rules >Disabled Downloaded Rules
# Disable "stream5: TCP Small Segment Threshold Exceeded"
# Disable "ssh: Protocol mismatch"
# Disable "http_inspect: LONG HEADER"
# Disable "sensitive_data: sensitive data global threshold exceeded"
# Disable "stream5: Reset outside window"
# Disable "http_inspect: MESSAGE WITH INVALID CONTENT-LENGTH OR CHUNK SIZE"

Nick

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: