Network Security: Detailed info on Re: [Snort-users] 2.6.1 and LOOOONG startup times plus more ignore

Subject:	Re: [Snort-users] 2.6.1 and LOOOONG startup times plus more ignore_scanners info
Date:	Fri, 17 Nov 2006 10:59:01 -0600

On  0, James Lay <jlay@slave-tothe-box.net> wrote:

include $RULE_PATH/local.rules
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules

include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules

include $RULE_PATH/sql.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/mysql.rules

include $RULE_PATH/smtp.rules
include $RULE_PATH/pop3.rules

include $RULE_PATH/nntp.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/info.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/spyware-put.rules
include $RULE_PATH/experimental.rules

include $RULE_PATH/bleeding-botcc.rules
include $RULE_PATH/bleeding-drop.rules
include $RULE_PATH/bleeding-dshield.rules
include $RULE_PATH/bleeding-virus.rules
include $RULE_PATH/bleeding-web.rules
include $RULE_PATH/bleeding-attack_response.rules
include $RULE_PATH/bleeding-dos.rules
include $RULE_PATH/bleeding-exploit.rules
include $RULE_PATH/bleeding-game.rules
include $RULE_PATH/bleeding-inappropriate.rules
include $RULE_PATH/bleeding-malware.rules
include $RULE_PATH/bleeding-scan.rules
include $RULE_PATH/bleeding.rules

include $RULE_PATH/community-bot.rules
include $RULE_PATH/community-dos.rules
include $RULE_PATH/community-exploit.rules
include $RULE_PATH/community-game.rules
include $RULE_PATH/community-icmp.rules
include $RULE_PATH/community-imap.rules
include $RULE_PATH/community-inappropriate.rules
include $RULE_PATH/community-mail-client.rules
include $RULE_PATH/community-misc.rules
include $RULE_PATH/community-smtp.rules
include $RULE_PATH/community-sql-injection.rules
include $RULE_PATH/community-virus.rules
include $RULE_PATH/community-web-attacks.rules
include $RULE_PATH/community-web-client.rules
include $RULE_PATH/community-web-dos.rules
include $RULE_PATH/community-web-misc.rules
include $RULE_PATH/community-web-php.rules

 
Do you *really* want to enable *every* rule in *every* ruleset you can find? 

You might want to start by trimming down the rules you want to use, then
go into each rule file and trim that down to individual rules you want to use.

--
Nigel Houghton
Office Linebacker
SF VRT

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] 2.6.1 and LOOOONG startup times plus more ignore_scanners info, James Lay Re: [Snort-users] 2.6.1 and LOOOONG startup times plus more ignore_scanners info, Justin Heath Re: [Snort-users] 2.6.1 and LOOOONG startup times plus moreignore_scanners info, James Lay Re: [Snort-users] 2.6.1 and LOOOONG startup times plusmoreignore_scanners info, John York Re: [Snort-users] 2.6.1 and LOOOONG startup times plus more ignore_scanners info, Nigel Houghton <= Re: [Snort-users] 2.6.1 and LOOOONG startup times plus moreignore_scanners info, James Lay

Previous by Date:	Re: [Snort-users] Pass rules need SID in 2.6.1, Justin Heath
Next by Date:	Re: [Snort-users] 2.6.1 and LOOOONG startup times plus moreignore_scanners info, James Lay
Previous by Thread:	Re: [Snort-users] 2.6.1 and LOOOONG startup times plusmoreignore_scanners info, John York
Next by Thread:	Re: [Snort-users] 2.6.1 and LOOOONG startup times plus moreignore_scanners info, James Lay
Indexes:	[Date] [Thread] [Top] [All Lists]

Re: [Snort-users] 2.6.1 and LOOOONG startup times plus more ignore_scann