Snort mailing list archives

Re: rules explanations


From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 09 Sep 2014 06:35:26 -0600

On Tue, 2014-09-09 at 11:57 +0000, Sharif Uddin wrote:
> Hello
>
> I am trying to understand these rules, is there a page where it
> describes each and every rule?
>
> If I google the rule I don't get any explanation of the rule other
> than suppress or disable them?
>
> I have so far suppressed the following which has reduced the alerts a
> lot.
>
> #(http_inspect) SIMPLE REQUEST
>
> suppress gen_id 119, sig_id 32, track by_src, ip $HOME_NET

Read the README.http_inspect in the snort source/doc directory.  Joel,
are these on github or the snort.org site anywhere?

James

