IDS: IDS event filtering

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

IDS event filtering

From: "Billy Dodson" <CraftedPacket () securitynerds org>
Date: Fri, 31 Dec 2004 15:37:29 -0000 (GMT)

I am wanting to get an idea of what you guys out there filter from your
IDS sensors.  Some of the sensors I monitor get TONS of events for MSSQL
control overflows.  If the customer is patched for slammer and does not
have any SQL services on the internet, is it safe to filter out those
events?  Do you still want to see that traffic even though you know your
are not vulnerable?  Thanks!

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

By Date By Thread

Current thread:

IDS event filtering Billy Dodson (Dec 31)
- <Possible follow-ups>
- RE: IDS event filtering Harper, Patrick (Dec 31)