Re: 2.6.1 and LOOOONG startup times plus more ignore_scanners info

On  0, James Lay <jlay <at> slave-tothe-box.net> wrote:

> include $RULE_PATH/local.rules
> include $RULE_PATH/bad-traffic.rules
> include $RULE_PATH/exploit.rules
> include $RULE_PATH/scan.rules
> include $RULE_PATH/finger.rules
> include $RULE_PATH/ftp.rules
> include $RULE_PATH/telnet.rules
> include $RULE_PATH/rpc.rules
> include $RULE_PATH/rservices.rules
> include $RULE_PATH/dos.rules
> include $RULE_PATH/ddos.rules
> include $RULE_PATH/dns.rules
> 
> include $RULE_PATH/web-cgi.rules
> include $RULE_PATH/web-coldfusion.rules
> include $RULE_PATH/web-iis.rules
> include $RULE_PATH/web-frontpage.rules
> include $RULE_PATH/web-misc.rules
> include $RULE_PATH/web-client.rules
> include $RULE_PATH/web-php.rules
> 
> include $RULE_PATH/sql.rules
> include $RULE_PATH/x11.rules
> include $RULE_PATH/icmp.rules
> include $RULE_PATH/netbios.rules
> include $RULE_PATH/misc.rules
> include $RULE_PATH/attack-responses.rules
> include $RULE_PATH/mysql.rules
> 
> include $RULE_PATH/smtp.rules
> include $RULE_PATH/pop3.rules
> 
> include $RULE_PATH/nntp.rules
> include $RULE_PATH/other-ids.rules
> include $RULE_PATH/web-attacks.rules
> include $RULE_PATH/backdoor.rules
> include $RULE_PATH/shellcode.rules
> include $RULE_PATH/policy.rules
> include $RULE_PATH/porn.rules
> include $RULE_PATH/info.rules
> include $RULE_PATH/icmp-info.rules
> include $RULE_PATH/virus.rules
> include $RULE_PATH/spyware-put.rules
> include $RULE_PATH/experimental.rules
> 
> include $RULE_PATH/bleeding-botcc.rules
> include $RULE_PATH/bleeding-drop.rules
> include $RULE_PATH/bleeding-dshield.rules
> include $RULE_PATH/bleeding-virus.rules
> include $RULE_PATH/bleeding-web.rules
> include $RULE_PATH/bleeding-attack_response.rules
> include $RULE_PATH/bleeding-dos.rules
> include $RULE_PATH/bleeding-exploit.rules
> include $RULE_PATH/bleeding-game.rules
> include $RULE_PATH/bleeding-inappropriate.rules
> include $RULE_PATH/bleeding-malware.rules
> include $RULE_PATH/bleeding-scan.rules
> include $RULE_PATH/bleeding.rules
> 
> include $RULE_PATH/community-bot.rules
> include $RULE_PATH/community-dos.rules
> include $RULE_PATH/community-exploit.rules
> include $RULE_PATH/community-game.rules
> include $RULE_PATH/community-icmp.rules
> include $RULE_PATH/community-imap.rules
> include $RULE_PATH/community-inappropriate.rules
> include $RULE_PATH/community-mail-client.rules
> include $RULE_PATH/community-misc.rules
> include $RULE_PATH/community-smtp.rules
> include $RULE_PATH/community-sql-injection.rules
> include $RULE_PATH/community-virus.rules
> include $RULE_PATH/community-web-attacks.rules
> include $RULE_PATH/community-web-client.rules
> include $RULE_PATH/community-web-dos.rules
> include $RULE_PATH/community-web-misc.rules
> include $RULE_PATH/community-web-php.rules

Do you *really* want to enable *every* rule in *every* ruleset you can find? 

You might want to start by trimming down the rules you want to use, then
go into each rule file and trim that down to individual rules you want to use.

--
Nigel Houghton
Office Linebacker
SF VRT

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users