Re: [Snort-users] Newbie needs help with SID countermeasure
This is a discussion on Re: [Snort-users] Newbie needs help with SID countermeasure within the Snort forums, part of the System Security and Security Related category; Hi Kevin, None of those rules is particularly critical, especially if you're running an Apache server. Check the rule ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-03-2004
|
|||
|
|||
Re: [Snort-users] Newbie needs help with SID countermeasure
Hi Kevin,
None of those rules is particularly critical, especially if you're running an Apache server. Check the rule documents for those SIDs if you want more info about the particular rules that are firing. Remember, just because we write a rule doesn't mean you have to run it! -Marty On Jul 30, 2004, at 11:24 PM, Kevin Old wrote: > Hello everyone, > > I'm still very new to Snort and have got it working with ACID. I'm > trying to block offensive activity that is being logged by Snort. > > I've got a few SID's 1288, 1852, 1013, 1012 that keep showing up in > ACID and I'm trying to figure out a way to block them or keep them > from showing up in ACID. > > I've done everything the countermeasures say, but most just say to > make sure that packages are up to date. > > I'm running RH 9.0, with Apache 1.3.31 and the latest mod_frontpage. > > Any suggestions? > > -- > Kevin Old > kevinold@gmail.com > > > ------------------------------------------------------- > This SF.Net email is sponsored by OSTG. Have you noticed the changes on > Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, > one more big change to announce. We are now OSTG- Open Source > Technology > Group. Come see the changes on the new OSTG site. www.ostg.com > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > > -- Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616 Sourcefire: Intelligent Security Monitoring roesch@sourcefire.com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
