Re: [Snort-users] Reduce false positive

Check out the tcpdump manual page.

/Mike

On Tue, 21 Dec 2004 15:41:09 +0800, sam wun <sam.wun@authtec.com> wrote:
> Hi,
>
> My work enviornment has few access points to connect to the Internet:
> http, smtp, imap, pop3, and ssh.
>
> How can I use snort to monitor these ports while reduce its false positive?
>
> Apart from enimate all rules that are not used, I would like to use -F
> filters argument in the snort commandline, but not sure how to do it
> specifically within this context.
>
> Your suggestion is highly appreciated.
>
> Thanks
> Sam
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...st=snort-users
>


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users