From: Matt J. <jo...@jo...> - 2008-04-16 02:14:42
There's emergingthreats.net as well of course (www.emergingthreats.net/rules).

But no matter what set you use, you'll have to go through and look at every sig and decide if you want to block, and if so which side to block (src, dest, both, etc.). It's a horribly tedious task, but necessary. And you'll find your understanding of the ruleset much greater once you're done.

When I have to do so I try to set a chunk of the ruleset a day to get done. Pick a category a day for the smaller ones. But don't try to power through it all in one sitting, you'll glaze over and miss stuff.

Matt

Robert Mcmillen wrote:
> Does anyone have a good set of snort_inline rules or know a good
> location to find them?
>
> Rob

--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc