Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] snort ... so where from here

from [Stewart L] Network Security [Permanent Link]
Subject: Re: [Snort-users] snort ... so where from here
Date: Thu, 10 Jul 2008 08:09:20 -0400 
you should try to pare down the list based on your networks.   I have A HUGE
network at work (400 sites, tons of public-facing servers).  Properly
defining the web servers, DNS servers, FTP servers, etc will help.

Check the top 5 every day and see if they are valid or false positives.  If
they are false positives, whack 'em.   The guy who initially set our SNORT
box up used the complete rule set and we were getting tons of alerts.  I've
been working on it for an hour a day for a week or so and it's much more
tuned now.

Stew


On Thu, Jul 10, 2008 at 8:00 AM, Brent Clark <brentgclarklist@gmail.com>
wrote:


Hi List

I got the oinkmaster working and updating, but what interested me is
that the load average shot up just after i ran the update (specs of the
machine arnt great).

My question is, are we supposed to use ALL signatures offered, or what
method / practices is adopted or used.

Thank you in advance for you assistance in advance.

Regard
Brent Clark



-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>list
 archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-- 
Stewart
--
You only lose what you cling to.

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] snort ... so where from here, Brent Clark
Next by Date:  Re: [Snort-users] Errors building snort-inlne 2.8.2.1 with clamv preprocessor, Nigel Horne
Previous by Thread:  [Snort-users] snort ... so where from here, Brent Clark
Next by Thread:  Re: [Snort-users] snort ... so where from here, Seth
Indexes:  [Date] [Thread] [Top] [All Lists]