Home page logo

snort logo Snort mailing list archives

Re: 1:17239 False Positive
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 12 Oct 2010 15:57:49 -0400

On 10/12/2010 15:42, Joel Esler wrote:
Right, that's the general rule of thumb, however, this rule was updated in today's rulepack.


On Oct 12, 2010, at 12:21 PM, Christopher A. Libby wrote:

My initial guess would be disable this rule if you aren't using the product  [...]

"the general rule of thumb" depends on which side of the fence one is standing 
and operating on...

on my side of the fence, if there is some bad traffic, i want to know about 
it... just because i'm not using a particular product doesn't mean that i'm 
willing to let that abusive traffic and those abusive IPs access my 
network(s)... if some IP is beating on my network with traffic attempting to 
compromise a package that i'm not running, they are obviously up to no good and 
they are quite unwelcome in my network(s)... as such they are unceremoniously 
blocked with all due prejudice available...

this is especially true with web-base traffic... just because i'm not running a 
CMS doesn't mean that i'm going to allow my server(s) and application(s) be beat 
on with traffic that is attempting to violate any CMS product... why should i 
allow all that traffic on my network(s)? why should i subject my server(s) and 
app(s) to that kind of beating? thank but no thanks...

just a view from the other side of the fence 8)

Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]