Network Security Snort-Users

RE: [Snort-users] Help with Rules

Subject: RE: [Snort-users] Help with Rules
Date: Thu, 31 Mar 2005 09:59:09 -0500
What alert rules have you set up?

Bruce 

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Kevin Smith
Sent: Wednesday, March 30, 2005 10:32 PM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Help with Rules

To anyone who can help,

I am a bit confused on writing rules. I am trying to write, at least
what I think is a pretty simple rule. Basically we have all the traffic
filtered out, meaning any traffic that is not going to an IP address
will be sent to the snort box. With this we are going to determine if
the user is having, say, spyware or virus related problems so we can
notify them. I am running into trouble getting my rules to work, or they
work so well it just fills the database up to an unmanageable level.

My question is that right now it is logging what appears to be any 
packet sent by the user. I would like to get a handful of that 
information, for example, have 1 log for every 100 packets. Is this 
possible? If so, what options do I need to use?

Thanks,
Kevin


-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


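The "one log for every 100 packets" behaviour Kevin asks about is what the Snort 2.x `threshold` rule option provides. It takes four fields, `type`, `track`, `count` and `seconds`: `type limit` logs only the first `count` matches per tracked address per `seconds`, `type threshold` logs every `count`-th match, and `type both` logs once per interval after `count` matches. So `threshold: type threshold, track by_src, count 100, seconds 60;` inside the rule body (or `threshold gen_id 1, sig_id <sid>, type threshold, track by_src, count 100, seconds 60` in threshold.conf, which applies the same setting to an existing rule without editing it) gives one alert per hundred matching packets from each source within a minute, and `type limit, track by_src, count 1, seconds 60` is the usual choice when the goal is simply "tell me once per host that it is infected". Later Snort 2.x releases deprecated the rule keyword in favour of `detection_filter` (rule option) and `event_filter` (snort.conf), which use the same vocabulary. The script below is an added example, not code from the Snort project or from anyone in this thread: it parses the option string and replays a constructed packet stream through a simplified model of the documented semantics so the effect of each type on alert volume can be seen directly. The hosts, timestamps and the `count_alerts` helper are all assumptions made for the illustration.

```python
"""Model of the Snort 2.x 'threshold' rule-option semantics.

Constructed example: not code from the Snort project or from the list thread.
Snort's real implementation lives in its sfthreshold/sfthd code; this is a
simplified re-statement of the documented behaviour of the three types,
used to show how each one changes the number of alerts that get logged.
"""

from dataclasses import dataclass, field


@dataclass
class Threshold:
    """One parsed 'threshold:' option: type, track, count, seconds."""
    kind: str            # limit | threshold | both
    track: str           # by_src | by_dst
    count: int
    seconds: int
    _state: dict = field(default_factory=dict)  # tracked address -> (window_start, n)

    @classmethod
    def from_option(cls, option):
        """Parse the body of a rule option such as
        'type threshold, track by_src, count 100, seconds 60'."""
        fields = {}
        for part in option.split(","):
            tokens = part.split()
            if len(tokens) != 2:
                raise ValueError("bad threshold field: %r" % part)
            fields[tokens[0]] = tokens[1]
        try:
            thr = cls(fields["type"], fields["track"],
                      int(fields["count"]), int(fields["seconds"]))
        except KeyError as missing:
            raise ValueError("threshold option is missing %s" % missing)
        if thr.kind not in ("limit", "threshold", "both"):
            raise ValueError("unknown threshold type %r" % thr.kind)
        if thr.track not in ("by_src", "by_dst"):
            raise ValueError("unknown track value %r" % thr.track)
        if thr.count < 1 or thr.seconds < 1:
            raise ValueError("count and seconds must be positive")
        return thr

    def observe(self, src, dst, ts):
        """Feed one packet that matched the rule's detection options.
        Returns True when Snort would log an alert for it."""
        key = src if self.track == "by_src" else dst
        start, n = self._state.get(key, (None, 0))
        if start is None or ts - start >= self.seconds:
            start, n = ts, 0            # a new time window for this address
        n += 1
        if self.kind == "limit":        # only the first `count` events per window
            fire = n <= self.count
        elif self.kind == "threshold":  # every `count`-th event per window
            fire = n >= self.count
            if fire:
                start, n = ts, 0        # restart the count toward the next alert
        else:                           # both: once per window, after `count` events
            fire = n == self.count
        self._state[key] = (start, n)
        return fire


def count_alerts(option, events):
    """Replay (src, dst, timestamp) events through a rule whose threshold
    option is `option` (None = no threshold) and return {tracked address: alerts}."""
    thr = Threshold.from_option(option) if option else None
    alerts = {}
    for src, dst, ts in events:
        key = src if (thr is None or thr.track == "by_src") else dst
        fired = True if thr is None else thr.observe(src, dst, ts)
        alerts[key] = alerts.get(key, 0) + int(fired)
    return alerts


def constructed_events():
    """Constructed traffic (assumed hosts): 250 packets from 10.0.0.5 and 50
    from 10.0.0.9, one every 0.1 s, so everything sits inside one 60 s window."""
    events = [("10.0.0.5", "203.0.113.10", i * 0.1) for i in range(250)]
    events += [("10.0.0.9", "203.0.113.10", i * 0.1) for i in range(50)]
    return sorted(events, key=lambda e: e[2])


if __name__ == "__main__":
    for opt in (None,
                "type limit, track by_src, count 1, seconds 60",
                "type threshold, track by_src, count 100, seconds 60",
                "type both, track by_src, count 100, seconds 60"):
        label = opt or "(no threshold)"
        print("%-52s %s" % (label, count_alerts(opt, constructed_events())))
```

Without a threshold the rule produces one alert per packet (300 here), which is the database-filling behaviour Kevin describes; `type threshold, count 100` cuts that to two alerts for the busy host and none for the quiet one, while `type limit, count 1` yields exactly one alert per host per minute, which is the better fit when the purpose is just to notify the user. Note that `track by_src` keys the counters on the source address, so each infected host is rate-limited independently; `track by_dst` would instead lump every host talking to the same destination into one counter.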
