|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] Which rules for specific open ports?
From: Erek Adams (erek
snort.org)
Date: Sun Jul 06 2003 - 01:12:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sat, 5 Jul 2003 briankdsonic.net wrote:
> I'm setting up an Apache/PHP web server behind my DSL router, and setting
> the router to only forward ports 80 and 22 to the server. I'm concerned
> about potential intrusions, but I feel like I've covered a lot of the
> potential exposures by using the port-forwarding scenario.
Some. Be cautious and don't let that fool you into a false sense of
security.
> I followed the recipe at
> http://www.internetsecurityguru.com/documents/snort_acid_rh9.pdf to set
> Snort/PHP/Acid up on this web server. Is there a way I can determine
> which rules & preprocessors are the only ones necessary to protect against
> intrusion on those two ports?
stream4, converstation, http_decode for sure. Rules? Well, any that deal
with web applications (rules/web*) or that have port 22 in them. A
simple:
egrep -i " 22 |ssh" rules/*.rules
Should snag most of them.
Cheers!
-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]