Snort mailing list archives
Disable by name in pulled pork
From: Nicholas Horton <fivetenets () me com>
Date: Thu, 19 Jun 2014 14:47:28 -0400
I saw this on a forum page. Is this possible to do in pulled pork? I want to disable some rules but don't know exactly how or the sid ID. I like this way if it works. I just don't know where or how these disable rules were entered. Thanks! OK. Deleted the entries on... Applications > IDS Rules >Disabled Downloaded Rules # Disable "stream5: TCP Small Segment Threshold Exceeded" # Disable "ssh: Protocol mismatch" # Disable "http_inspect: LONG HEADER" # Disable "sensitive_data: sensitive data global threshold exceeded" # Disable "stream5: Reset outside window" # Disable "http_inspect: MESSAGE WITH INVALID CONTENT-LENGTH OR CHUNK SIZE" Nick ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Disable by name in pulled pork Nicholas Horton (Jun 19)
- Re: Disable by name in pulled pork Y M (Jun 19)