Date: Fri, 11 May 2001 01:46:49 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: Kris Kennaway <kris@obsecurity.org>, freebsd-questions@freebsd.org
Subject: Re: FreeBSD IDS to babysit Microsoft hosts
Message-ID: <20010511014649.A19248@xor.obsecurity.org>
In-Reply-To: <73345.989568885@axl.fw.uunet.co.za>; from sheldonh@uunet.co.za on Fri, May 11, 2001 at 10:14:45AM +0200
References: <20010511004209.A18132@xor.obsecurity.org> <73345.989568885@axl.fw.uunet.co.za>

On Fri, May 11, 2001 at 10:14:45AM +0200, Sheldon Hearn wrote:
>
>
> On Fri, 11 May 2001 00:42:09 MST, Kris Kennaway wrote:
>
> > You want snort (in ports)
>
> Yes!!!
>
> Kris, thanks so much, this is awesome stuff!
>
> The port comes with a whole bunch of rules files that end in -lib.  The
> snort web site has a snortrules.tar.gz in which files end in .rules.  I
> assume that the rules on the web site should be used in preference over
> those that come with the port?

Actually the best ruleset I've found is the ArachNIDS set from
www.whitehats.com.  The rules that come with snort (or on the website)
aren't quite so well-organised, although there's lots of good stuff
there.  You can of course customize them to pick out the good parts.

Kris