Snort mailing list archives
Re: rules explanations
From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 09 Sep 2014 06:35:26 -0600
On Tue, 2014-09-09 at 11:57 +0000, Sharif Uddin wrote:
Hello, I am trying to understand these rules, is there a page where it describes each and every rule? If I google the rule I don’t get any explanation of the rule other than suppress or disable them? I have so far suppressed the following which has reduced the alerts a lot.

#(http_inspect) SIMPLE REQUEST
suppress gen_id 119, sig_id 32, track by_src, ip $HOME_NET

Read the README.http_inspect in the snort source/doc directory. Joel, are these on github or the snort.org site anywhere?

James