Re: [Snort-users] rules vs. suppress
This is a discussion on Re: [Snort-users] rules vs. suppress within the Snort forums, part of the System Security and Security Related category; Sorry for the delayed response. [insert standard excuse here] ;) On Thu, Mar 24, Lee Clemens wrote: > That all makes ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-30-2005
|
|||
|
|||
Re: [Snort-users] rules vs. suppress
Sorry for the delayed response. [insert standard excuse here] ;)
On Thu, Mar 24, Lee Clemens wrote: > That all makes sense, but a serious caveat...what suppress statement > wouldn't cause the rule to be pointless? (alert any any <> 10/8 any) After having a better look at what you're trying to do, Marc Norton and I both agree. Making a broad suppression generalization does nullify your rule statement - you do shutdown quite a bit of alerting this way. Suppression is too specific for what you want. > Am I overlooking a simple solution for this? Your original 21 rules were better for what you're trying to do. I'd be happy to poke at your config with you. Send it to me off list if you want. ------------------------------------------------------- This SF.net email is sponsored by Demarc: A global provider of Threat Management Solutions. Download our HomeAdmin security software for free today! http://www.demarc.com/info/Sentarus/hamr30 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
