[Oisf-users] How to make all rules to drop except the informational rules???
Cooper F. Nelson
cnelson at ucsd.edu
Wed Jun 19 16:56:08 UTC 2013
Again, I would recommend against doing that. A better idea is to modify
just the rule files for which you want to enable drop rules. You can use file
names with the 'modifysid' command. Here is an example:

    modifysid emerging-exploit.rules "^alert" | "drop"

You can use multiple file names per directive, like this:

    modifysid emerging-exploit.rules, emerging-scan.rules "^alert" | "drop"

On 6/18/2013 9:09 AM, mouna amani wrote:
> I have made all rules drop with modifysid, but when I did that even ping
> stopped working, and I have been told that is because there are certain
> informational rules.
> So any idea how to make all rules drop except the informational rules?

--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
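
A dry run of the per-file directive from the message above, added here as an example (it is not code from the original post or from the rule-management tool). It mimics the "^alert" substitution in Python over constructed rules; the file example-info.rules, the sids and the helper names are assumptions.

```python
import re

# Constructed sample rules (not real signatures; sids are made up).
# example-info.rules is a hypothetical file standing in for informational rules.
RULE_FILES = {
    "emerging-exploit.rules": [
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"EXAMPLE exploit"; sid:9000001; rev:1;)',
        '#alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE disabled"; sid:9000002; rev:1;)',
    ],
    "emerging-scan.rules": [
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE ssh scan"; sid:9000003; rev:1;)',
    ],
    "example-info.rules": [
        'alert icmp any any -> $HOME_NET any (msg:"EXAMPLE info ping"; itype:8; sid:9000004; rev:1;)',
    ],
}

DIRECTIVE = re.compile(r'^modifysid\s+(.+?)\s+"(.*)"\s*\|\s*"(.*)"\s*$')

def parse_modifysid(line):
    """Split a file-name modifysid directive into (files, pattern, replacement)."""
    m = DIRECTIVE.match(line.strip())
    if not m:
        raise ValueError("not a modifysid directive: %r" % line)
    files = [f.strip() for f in m.group(1).split(",")]
    return files, re.compile(m.group(2)), m.group(3)

def preview(directive, rule_files):
    """Return {file: [rewritten rules]}; only the files named in the directive change."""
    files, pattern, replacement = parse_modifysid(directive)
    result = {}
    for name, rules in rule_files.items():
        if name in files:
            result[name] = [pattern.sub(replacement, r, count=1) for r in rules]
        else:
            result[name] = list(rules)
    return result

def actions(rules_by_file):
    """Summarise the leading action keyword of every rule, per file."""
    return {name: [r.split()[0] for r in rules] for name, rules in rules_by_file.items()}

if __name__ == "__main__":
    out = preview('modifysid emerging-exploit.rules, emerging-scan.rules "^alert" | "drop"', RULE_FILES)
    for name, acts in actions(out).items():
        print(name, acts)
```

Because the pattern is anchored with ^, the commented-out rule keeps its "#alert" prefix, and the ICMP rule in the file that was not named stays an alert.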