Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-users] IDS Policy Manager trouble

from [Larry Wichman] Network Security [Permanent Link]
Subject: [Snort-users] IDS Policy Manager trouble
Date: Mon, 9 Jan 2006 07:17:17 -0800 (PST) 
I have the latest version of IDS Policy Manager. It seems like evert once in a 
while, signatures that I have turned off, turn them selves back on. Itsounds 
weird, but it always seems to be the same signatures too. For instance, sig id 
2001848, I  turn it off, push the policy, restart Snort and I do not notice it 
for a couple of days. All of a sudden, this signature is triggering all kinds 
of FPs. If I open up the rule file for that sig, it is not commented out. I 
open the policy and it is unchecked and if I exit and save, it shows up as 
"updated". Now, I know some of you may be thinking that I have already have had 
a couple of beers this morning ;) but I have been messing around with this for 
a while and I know I have unchecked that signature, pushed the policy and 
restarted Snort, only to see that sig re-enabled with out my input. Please!! 
Someone tell me I am not the only one and someone else has seen this before.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] Flow Established Help, Ramon L. Fernandez
Next by Date:  RE: [Snort-users] IDS Policy Manager trouble, Jeff Dell
Previous by Thread:  [Snort-users] Flow Established Help, Ramon L. Fernandez
Next by Thread:  RE: [Snort-users] IDS Policy Manager trouble, Jeff Dell
Indexes:  [Date] [Thread] [Top] [All Lists]