Hosting Provided By

Re: [Snort-sigs] ftp rules question - why only external to internal?

From: Terence Runge <terencerunge(at)sbcglobal.net>
Date: Fri Apr 25 2003 - 13:08:36 EDT

This depends entirely on what you deem important to monitor for. What do you define an $EXTERNAL_NET? In some instances, I have defined specific vlans as the $EXTERNAL_NET or $HOME_NET, especially when running snort for site to site internal monitoring sniffing the uplink. Create virtual interfaces and try running multiple instances of snort with well defined snort.conf and *.rules.

-tcr

Jerry.L.Rose@saj02.usace.army.mil wrote:

> I see there are several "bad" sections in the ftp rules ("bad files"

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Fri Apr 25 13:44:56 2003

This message: [ Message body ]
Next message: Jerry.L.Rose(at)saj02.usace.army.mil: "RE: [Snort-sigs] ftp rules question - why only external to intern al?"
Previous message: Brian: "Re: [Snort-sigs] ftp rules question - why only external to internal?"
In reply to: Jerry.L.Rose(at)saj02.usace.army.mil: "[Snort-sigs] ftp rules question - why only external to internal?"
In reply to L. Christopher Luther: "RE: [Snort-sigs] ftp rules question - why only external to intern al?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:27 EDT