Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] snort ... so where from here

from [Seth] Network Security [Permanent Link]
Subject: Re: [Snort-users] snort ... so where from here
Date: Fri, 11 Jul 2008 19:57:14 -0400 
Brent,

You CAN, but most people do not, enable all of the signatures.  An
easy start would be to take a look at the end of your snort.conf.
Each .rules file referenced is a group of signatures of the same type.
 The default snort.conf has some entire rule sets disabled by default.
 You are encouraged to look through the list and pick which sets would
be most appropriate for your environment.  Enabling the
spyware-put.rules on a sensor that protects only web servers might not
be the best use of resources on an older box.   In a situation like
that, just comment the spyware-put.rules line and enable all of the
rules files that you feel would be appropriate.

After you choose which entire sets you would like to have
enabled/disabled, then you can move on to disabled certain signatures
in the oinkmaster.conf.

-Seth



On Thu, Jul 10, 2008 at 8:00 AM, Brent Clark <brentgclarklist@gmail.com> wrote:

Hi List

I got the oinkmaster working and updating, but what interested me is
that the load average shot up just after i ran the update (specs of the
machine arnt great).

My question is, are we supposed to use ALL signatures offered, or what
method / practices is adopted or used.

Thank you in advance for you assistance in advance.

Regard
Brent Clark



-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Defect on rule 13514, Joel Esler
Next by Date:  Re: [Snort-users] Backend DB's, Michael Scheidell
Previous by Thread:  Re: [Snort-users] snort ... so where from here, Stewart L
Next by Thread:  [Snort-users] Questions about Frag3 and Stream5, tung tran
Indexes:  [Date] [Thread] [Top] [All Lists]