Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Snort-users] Snort Basica Help on tuning signatures

from [adamk] Network Security [Permanent Link]
Subject: RE: [Snort-users] Snort Basica Help on tuning signatures
Date: Sun, 30 Jan 2005 23:33:30 -0800 
There are a few ways to do it, the easiest is one of the following:
1. You can disable groups of rules in snort.conf by commenting out (#) the
relevant line -
Ex: include $RULE_PATH/nntp.rules -> #include $RULE_PATH/nntp.rules
- OR -
2. You can comment out specific rules located in the rules directory, i.e.
if you're running IIS and want to disable WebDAV rules, comment out the
relevant WebDAV signatures.

Keep in mind that defining variables in your snort.conf file is an effective
method of tuning the policy.

Good luck
~ adam

 

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of sEc nErD
Sent: Sunday, January 30, 2005 12:46 PM
To: Snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort Basica Help on tuning signatures


hi all
Could anybone walk me through of how to go about tuning the snort signatures
,like how i could disable and enable them thanks


        
                
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - You care about security. So do we. 
http://promotions.yahoo.com/new_mail


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Snort-users] ACID Dates, nhdave
Next by Date:  Re: [Snort-users] ACID Dates, Wes Young
Previous by Thread:  [Snort-users] Snort Basica Help on tuning signatures, sEc nErD
Next by Thread:  Re: [Snort-users] Looking for POM for Inline, Jose Maria Lopez
Indexes:  [Date] [Thread] [Top] [All Lists]