[Snort-sigs] newbie post
From: Bryan Irvine <bryan.irvine(at)kingcountyjournal.com>
Date: Mon Apr 07 2003 - 19:50:27 EDT
I've been looking around at the ruleset, and it looks rather similar to OpenBSD's PF. I've read the documentation (I printed it out and have it right here). It seems snort has a lot of options, which is a bit overwhelming for a newbie. I'm wondering what would be the best way to build my config file. I'd like to have snort scan for viruses and known Windows exploits, but I don't want to see a zillion false positives. I tried running it with the default config file, and it started generating a lot of logs on things I didn't really care about. We have a funky routing thing here that we can't get rid of, so I was always seeing things like "next-hop" error messages. Are there any sample files around that I can read from?
--Bryan
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Received on Mon Apr 7 20:30:51 2003