Welcome, Guest. Please login or register.
Did you miss your activation email?
Wednesday 25 December 2024, 05:19:04 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  [SOLVED] But read this may be help your IPS custom rules
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: [SOLVED] But read this may be help your IPS custom rules  (Read 9070 times)
rainstorm
Jr. Member
*
Offline Offline

Posts: 1


« on: Monday 10 December 2012, 08:07:25 pm »

Hi ,
I'm very newbie.
I want to add this line to the /etc/snort/vars
portvar FILE_DATA_PORTS ($HTTP_PORTS,110,143).   (for the custom rules)

but after restart snort service that return default. (no line)
thank you.

[solution]
always edit .tmpl, .old , .conf files.

but IPS(snort) have a problem with custom rules (downloaded from snort.org with oinkmastercode.)
you must change in the all rules "threshold" to "detection_filter"

www_google.com_tr/search?hl=en&tbo=d&sclient=psy-ab&q=threshold+vs+detection_filter&oq=threshold+vs+detection_filter&gs_l=hp.3...1291333.1303535.0.1303986.29.27.0.0.0.0.560.5103.0j14j3j0j1j3.21.0.les%3B..0.0...1c.1.wyromgRI-8g&pbx=1&bpcl=40096503&biw=1280&bih=675&cad=b&cad=cbv&sei=xUnUUPbcKI-HhQeE-YHgBQ
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com