Network Security: Detailed info on [Snort-sigs] Re: Thresholds on Policy Rules

Subject:	[Snort-sigs] Re: Thresholds on Policy Rules
Date:	Thu, 14 Oct 2004 10:33:46 -0400

Subject:

[Snort-sigs] Re: Thresholds on Policy Rules

Date:

Thu, 14 Oct 2004 10:33:46 -0400

On Thu, Oct 14, 2004 at 07:40:18AM -0500, Matt Jonkman wrote:

What do you think about adding thresholds to the existing snort.org
porn rules? That'd eliminate the few falses that hit on those
rules. And if so, what would be a good threshold. I think I guessed
and put up 5 hits in 5 minutes by dest on those rules.

Anyone else have comments on that threshold? We have any avid porn
surfers that want to test the rules. :)


So.... Ummm... What do you think of adding thresholds to the snort.org 
porn rules? That a possibility?


Yep.  I'd want to test it out first.  Of course, I'll have to find a
network with people looking at porn first.  

No, I prefer DVDs, so my home network won't work for that.  :P

Brian


-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), (continued) Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Brian CAUTION: Long Rant!!! Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Matt Jonkman Re: CAUTION: Long Rant!!! Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Brian Re: CAUTION: Long Rant!!! Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Matt Jonkman [Snort-users] RE: CAUTION: Long Rant!!! Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Eric Hines Re: CAUTION: Long Rant!!! Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Bamm Visscher Re: CAUTION: Long Rant!!! Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Matt Jonkman Re: CAUTION: Long Rant!!! Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Bamm Visscher Re: CAUTION: Long Rant!!! Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Matt Jonkman [Snort-sigs] Thresholds on Policy Rules, Matt Jonkman [Snort-sigs] Re: Thresholds on Policy Rules, Brian <= [Snort-sigs] Re: Thresholds on Policy Rules, Matt Jonkman Re: [Snort-sigs] Thresholds on Policy Rules, Jason Re: [Snort-sigs] Thresholds on Policy Rules, Matt Jonkman Re: [Snort-sigs] Thresholds on Policy Rules, Jason Re: [Snort-sigs] Thresholds on Policy Rules, Matt Jonkman Re: [Snort-sigs] Thresholds on Policy Rules, James Riden Re: [Snort-sigs] Thresholds on Policy Rules, Frank Knobbe Re: CAUTION: Long Rant!!! Re: [Snort-sigs] Broken 1429.2 (POLICY poll.gotomypc.com access), Paul Schmehl

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [Snort-sigs] NNTP XPAT overflow attempt (CAN-2004-0574), Brian
Next by Date:	[Snort-sigs] Signature false positive update #2590, Smargiassi William
Previous by Thread:	[Snort-sigs] Thresholds on Policy Rules, Matt Jonkman
Next by Thread:	[Snort-sigs] Re: Thresholds on Policy Rules, Matt Jonkman
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [Snort-sigs] NNTP XPAT overflow attempt (CAN-2004-0574), Brian

Next by Date:

[Snort-sigs] Signature false positive update #2590, Smargiassi William

Previous by Thread:

[Snort-sigs] Thresholds on Policy Rules, Matt Jonkman

Next by Thread:

[Snort-sigs] Re: Thresholds on Policy Rules, Matt Jonkman

Indexes:

[Date] [Thread] [Top] [All Lists]