[Oisf-users] How to make all rules to drop except the informational rules???

Cooper F. Nelson cnelson at ucsd.edu
Wed Jun 19 16:56:08 UTC 2013


Again, I would recommend against doing that. A better idea is to modify
just the rule files in which you want to enable drop rules. You can use
file names with the 'modifysid' command. Here is an example:

modifysid emerging-exploit.rules "^alert" | "drop"

You can use multiple file names per directive, like this:

modifysid emerging-exploit.rules, emerging-scan.rules "^alert" | "drop"

On 6/18/2013 9:09 AM, mouna amani wrote:
> I have made all rules drop with modifysid, but when I did that even ping
> stopped working, and I have been told that is because there are certain
> informational rules.
> So any idea how to make all rules drop except the informational rules?


-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042

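Added example, not part of the original message and not the rule manager's own code: a Python dry run that approximates the file-scoped modifysid directive shown above, so the set of SIDs that would switch to drop can be reviewed before the change goes inline. The rule contents, the SIDs and the file name example-info.rules are constructed assumptions.

```python
import re

# Constructed sample rules; contents, SIDs and example-info.rules are hypothetical.
RULE_FILES = {
    "emerging-exploit.rules": [
        'alert tcp any any -> $HOME_NET 445 (msg:"EXAMPLE exploit attempt"; sid:9000001; rev:1;)',
        '#alert tcp any any -> $HOME_NET 80 (msg:"EXAMPLE disabled rule"; sid:9000002; rev:1;)',
    ],
    "emerging-scan.rules": [
        'alert tcp any any -> $HOME_NET 22 (msg:"EXAMPLE scan"; sid:9000003; rev:1;)',
    ],
    "example-info.rules": [
        'alert icmp any any -> any any (msg:"EXAMPLE informational ping"; sid:9000004; rev:1;)',
    ],
}

DIRECTIVE = re.compile(r'^modifysid\s+(.+?)\s+"(.*)"\s*\|\s*"(.*)"$')
SID = re.compile(r'\bsid:\s*(\d+)\s*;')

def parse_modifysid(line):
    """Split a file-scoped modifysid directive into (files, regex, replacement)."""
    m = DIRECTIVE.match(line.strip())
    if not m:
        raise ValueError("not a modifysid directive: %r" % line)
    files = [f.strip() for f in m.group(1).split(",")]
    return files, re.compile(m.group(2)), m.group(3)

def preview(directive, rule_files):
    """Return ({file: rewritten rules}, sorted SIDs whose action changed)."""
    files, pattern, repl = parse_modifysid(directive)
    out, changed = {}, []
    for name, rules in rule_files.items():
        out[name] = []
        for rule in rules:
            # Only rules in the listed files are rewritten; all others stay as-is.
            new = pattern.sub(repl, rule, count=1) if name in files else rule
            if new != rule:
                changed.append(int(SID.search(rule).group(1)))
            out[name].append(new)
    return out, sorted(changed)

if __name__ == "__main__":
    rewritten, sids = preview(
        'modifysid emerging-exploit.rules, emerging-scan.rules "^alert" | "drop"',
        RULE_FILES)
    print("SIDs switched to drop:", sids)
    for name, rules in rewritten.items():
        for rule in rules:
            print(name, "|", rule[:60])
```

In this simulation a commented-out rule does not match "^alert" and is left untouched, and the informational rule keeps its alert action because its file is not named in the directive.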

