Snort mailing list archives
default snort rules
From: Abhijit Tikekar <abhijittikekar () gmail com>
Date: Tue, 8 Jul 2014 14:27:53 -0400
Hi, I am a new Snort user. Current implementation is snort-2.9.6.1 on CentOS 6.4 along with barnyard and snorby.

My question is regarding the ruleset which I downloaded as a registered user. Many of the rule files are empty, e.g., icmp.rules or ddos.rules. Are these supposed to be empty? The reason I am asking is because when I used pytbull against snort to test, snort.log never recorded anything. When I add a test ICMP rule (alert icmp any any -> any any (msg:"ICMP Packet"; sid:477; rev:3;)), then only that is captured by snort, nothing else.

How much tuning should I do to my default snort ruleset before noticing any alerts from scans by pytbull etc.? Is the default snort implementation capable of detecting such attacks? I enabled all options in pytbull while scanning, e.g. fragmented packets, brute force, shellcodes, DoS etc.

Ruleset used: *snortrules-snapshot-2961.tar.gz*

Please advise.

Thanks,
Abhi
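Added example (not from this thread or the Snort project): Snort ignores any rule line commented out with "#", and a downloaded ruleset can contain files that are empty placeholders as well as files whose rules are largely disabled, so an empty snort.log after a scan is often a question of which rules are actually enabled rather than whether Snort can detect the traffic. The script below parses rule files, reports per file how many rules are enabled versus commented out, lists files that contribute no rules at all, and flags a local test rule whose SID falls below 1000000, the range conventionally reserved for distributed rules (local rules use 1000000 and above). The file names, rule text and SIDs are constructed for the example and do not describe the real snortrules-snapshot contents.

```python
"""Inventory a Snort ruleset: which files are empty, and how many rules
in each are enabled versus commented out (disabled) with '#'.

Added example, not from the original thread.  The sample rule text
below is constructed for this script; file names and SIDs are made up.
"""
import re
from collections import namedtuple

# A rule header starts with an action keyword; a disabled rule is the
# same line prefixed with '#'.  Snort ignores any commented line.
ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop")
RULE_RE = re.compile(
    r"^\s*(?P<disabled>#\s*)?(?P<action>%s)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+"
    r"(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<options>.*)\)\s*$" % "|".join(ACTIONS)
)
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# SIDs below this are reserved for rules distributed by the Snort
# project; local rules conventionally use 1000000 and above.
LOCAL_SID_MIN = 1_000_000

Rule = namedtuple("Rule", "action proto sid enabled")


def parse_rule(line):
    """Return a Rule for a rule line (enabled or '#'-disabled), else None."""
    m = RULE_RE.match(line)
    if not m:
        return None  # blank line, plain comment, variable definition, etc.
    sid_m = SID_RE.search(m.group("options"))
    sid = int(sid_m.group(1)) if sid_m else None
    return Rule(m.group("action"), m.group("proto"), sid,
                enabled=m.group("disabled") is None)


def inventory(rule_files):
    """Map file name -> (enabled_count, disabled_count) for a dict of
    file name -> file text.  Files with no rules at all get (0, 0)."""
    result = {}
    for name, text in rule_files.items():
        enabled = disabled = 0
        for line in text.splitlines():
            r = parse_rule(line)
            if r is None:
                continue
            if r.enabled:
                enabled += 1
            else:
                disabled += 1
        result[name] = (enabled, disabled)
    return result


def empty_files(inv):
    """Files that contribute no rules, enabled or disabled."""
    return sorted(n for n, (e, d) in inv.items() if e == 0 and d == 0)


def bad_local_sids(text):
    """SIDs in a local rules file that fall inside the reserved range
    and could collide with (or be mistaken for) distributed rules."""
    return [r.sid for r in map(parse_rule, text.splitlines())
            if r is not None and r.sid is not None and r.sid < LOCAL_SID_MIN]


# Constructed sample ruleset: one empty placeholder file, one file with
# a mix of enabled and disabled rules, and a local.rules with a low SID.
SAMPLE_RULESET = {
    "icmp.rules": "# empty placeholder file (constructed sample)\n",
    "protocol-icmp.rules": (
        'alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE ICMP echo"; itype:8; sid:90001; rev:1;)\n'
        '# alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE disabled"; itype:0; sid:90002; rev:1;)\n'
        '# this is an ordinary comment, not a rule\n'
    ),
    "local.rules": (
        'alert icmp any any -> any any (msg:"ICMP Packet"; sid:477; rev:3;)\n'
        'alert icmp any any -> any any (msg:"ICMP Packet local"; sid:1000001; rev:1;)\n'
    ),
}

if __name__ == "__main__":
    inv = inventory(SAMPLE_RULESET)
    for name, (e, d) in sorted(inv.items()):
        print(f"{name:25s} enabled={e} disabled={d}")
    print("empty files:", empty_files(inv))
    print("local SIDs in reserved range:",
          bad_local_sids(SAMPLE_RULESET["local.rules"]))
```

To run it against a real download, replace SAMPLE_RULESET with a dict built by reading each *.rules file from the extracted archive; the counts then show directly which categories will ever produce an alert with the configuration as shipped.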