mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-12-05 05:39:25 +02:00
179 lines
5.8 KiB
Diff
179 lines
5.8 KiB
Diff
|
--- snort-wireless-2.4.3-alpha04/etc/snort.conf 2005-10-21 09:41:01.000000000 +0200
|
||
|
+++ /Users/florian/telechargements/snort.conf 2005-10-30 13:20:17.000000000 +0100
|
||
|
@@ -6,6 +6,7 @@
|
||
|
#
|
||
|
###################################################
|
||
|
# This file contains a sample snort configuration.
|
||
|
+# Most preprocessors and rules were disabled to save memory.
|
||
|
# You can take the following steps to create your own custom configuration:
|
||
|
#
|
||
|
# 1) Set the variables for your network
|
||
|
@@ -42,10 +43,10 @@
|
||
|
# or you can specify the variable to be any IP address
|
||
|
# like this:
|
||
|
|
||
|
-var HOME_NET any
|
||
|
+var HOME_NET 192.168.1.0/24
|
||
|
|
||
|
# Set up the external network addresses as well. A good start may be "any"
|
||
|
-var EXTERNAL_NET any
|
||
|
+var EXTERNAL_NET !$HOME_NET
|
||
|
|
||
|
# Configure your wireless AP lists. This allows snort to look for attacks
|
||
|
# against your wireless network, such as rogue access points or adhoc wireless
|
||
|
@@ -137,7 +138,7 @@
|
||
|
# Path to your rules files (this can be a relative path)
|
||
|
# Note for Windows users: You are advised to make this an absolute path,
|
||
|
# such as: c:\snort\rules
|
||
|
-var RULE_PATH ../rules
|
||
|
+var RULE_PATH /etc/snort/rules
|
||
|
|
||
|
# Configure the snort decoder
|
||
|
# ============================
|
||
|
@@ -413,11 +414,11 @@
|
||
|
# lots of options available here. See doc/README.http_inspect.
|
||
|
# unicode.map should be wherever your snort.conf lives, or given
|
||
|
# a full path to where snort can find it.
|
||
|
-preprocessor http_inspect: global \
|
||
|
- iis_unicode_map unicode.map 1252
|
||
|
+#preprocessor http_inspect: global \
|
||
|
+# iis_unicode_map unicode.map 1252
|
||
|
|
||
|
-preprocessor http_inspect_server: server default \
|
||
|
- profile all ports { 80 8080 8180 } oversize_dir_length 500
|
||
|
+#preprocessor http_inspect_server: server default \
|
||
|
+# profile all ports { 80 8080 8180 } oversize_dir_length 500
|
||
|
|
||
|
#
|
||
|
# Example unique server configuration
|
||
|
@@ -451,7 +452,7 @@
|
||
|
# no_alert_incomplete - don't alert when a single segment
|
||
|
# exceeds the current packet size
|
||
|
|
||
|
-preprocessor rpc_decode: 111 32771
|
||
|
+#preprocessor rpc_decode: 111 32771
|
||
|
|
||
|
# bo: Back Orifice detector
|
||
|
# -------------------------
|
||
|
@@ -474,7 +475,7 @@
|
||
|
# 3 Back Orifice Server Traffic Detected
|
||
|
# 4 Back Orifice Snort Buffer Attack
|
||
|
|
||
|
-preprocessor bo
|
||
|
+#preprocessor bo
|
||
|
|
||
|
# telnet_decode: Telnet negotiation string normalizer
|
||
|
# ---------------------------------------------------
|
||
|
@@ -486,7 +487,7 @@
|
||
|
# This preprocessor requires no arguments.
|
||
|
# Portscan uses Generator ID 109 and does not generate any SID currently.
|
||
|
|
||
|
-preprocessor telnet_decode
|
||
|
+#preprocessor telnet_decode
|
||
|
|
||
|
# sfPortscan
|
||
|
# ----------
|
||
|
@@ -537,9 +538,9 @@
|
||
|
# are still watched as scanner hosts. The 'ignore_scanned' option is
|
||
|
# used to tune alerts from very active hosts such as syslog servers, etc.
|
||
|
#
|
||
|
-preprocessor sfportscan: proto { all } \
|
||
|
- memcap { 10000000 } \
|
||
|
- sense_level { low }
|
||
|
+#preprocessor sfportscan: proto { all } \
|
||
|
+# memcap { 10000000 } \
|
||
|
+# sense_level { low }
|
||
|
|
||
|
# arpspoof
|
||
|
#----------------------------------------
|
||
|
@@ -814,41 +815,41 @@
|
||
|
include $RULE_PATH/bad-traffic.rules
|
||
|
include $RULE_PATH/exploit.rules
|
||
|
include $RULE_PATH/scan.rules
|
||
|
-include $RULE_PATH/finger.rules
|
||
|
-include $RULE_PATH/ftp.rules
|
||
|
-include $RULE_PATH/telnet.rules
|
||
|
-include $RULE_PATH/rpc.rules
|
||
|
-include $RULE_PATH/rservices.rules
|
||
|
-include $RULE_PATH/dos.rules
|
||
|
-include $RULE_PATH/ddos.rules
|
||
|
-include $RULE_PATH/dns.rules
|
||
|
-include $RULE_PATH/tftp.rules
|
||
|
-
|
||
|
-include $RULE_PATH/web-cgi.rules
|
||
|
-include $RULE_PATH/web-coldfusion.rules
|
||
|
-include $RULE_PATH/web-iis.rules
|
||
|
-include $RULE_PATH/web-frontpage.rules
|
||
|
-include $RULE_PATH/web-misc.rules
|
||
|
-include $RULE_PATH/web-client.rules
|
||
|
-include $RULE_PATH/web-php.rules
|
||
|
-
|
||
|
-include $RULE_PATH/sql.rules
|
||
|
-include $RULE_PATH/x11.rules
|
||
|
-include $RULE_PATH/icmp.rules
|
||
|
-include $RULE_PATH/netbios.rules
|
||
|
-include $RULE_PATH/misc.rules
|
||
|
-include $RULE_PATH/attack-responses.rules
|
||
|
-include $RULE_PATH/oracle.rules
|
||
|
-include $RULE_PATH/mysql.rules
|
||
|
-include $RULE_PATH/snmp.rules
|
||
|
-
|
||
|
-include $RULE_PATH/smtp.rules
|
||
|
-include $RULE_PATH/imap.rules
|
||
|
-include $RULE_PATH/pop2.rules
|
||
|
-include $RULE_PATH/pop3.rules
|
||
|
+#include $RULE_PATH/finger.rules
|
||
|
+#include $RULE_PATH/ftp.rules
|
||
|
+#include $RULE_PATH/telnet.rules
|
||
|
+#include $RULE_PATH/rpc.rules
|
||
|
+#include $RULE_PATH/rservices.rules
|
||
|
+#include $RULE_PATH/dos.rules
|
||
|
+#include $RULE_PATH/ddos.rules
|
||
|
+#include $RULE_PATH/dns.rules
|
||
|
+#include $RULE_PATH/tftp.rules
|
||
|
+
|
||
|
+#include $RULE_PATH/web-cgi.rules
|
||
|
+#include $RULE_PATH/web-coldfusion.rules
|
||
|
+#include $RULE_PATH/web-iis.rules
|
||
|
+#include $RULE_PATH/web-frontpage.rules
|
||
|
+#include $RULE_PATH/web-misc.rules
|
||
|
+#include $RULE_PATH/web-client.rules
|
||
|
+#include $RULE_PATH/web-php.rules
|
||
|
+
|
||
|
+#include $RULE_PATH/sql.rules
|
||
|
+#include $RULE_PATH/x11.rules
|
||
|
+#include $RULE_PATH/icmp.rules
|
||
|
+#include $RULE_PATH/netbios.rules
|
||
|
+#include $RULE_PATH/misc.rules
|
||
|
+#include $RULE_PATH/attack-responses.rules
|
||
|
+#include $RULE_PATH/oracle.rules
|
||
|
+#include $RULE_PATH/mysql.rules
|
||
|
+#include $RULE_PATH/snmp.rules
|
||
|
+
|
||
|
+#include $RULE_PATH/smtp.rules
|
||
|
+#include $RULE_PATH/imap.rules
|
||
|
+#include $RULE_PATH/pop2.rules
|
||
|
+#include $RULE_PATH/pop3.rules
|
||
|
|
||
|
-include $RULE_PATH/nntp.rules
|
||
|
-include $RULE_PATH/other-ids.rules
|
||
|
+#include $RULE_PATH/nntp.rules
|
||
|
+#include $RULE_PATH/other-ids.rules
|
||
|
# include $RULE_PATH/web-attacks.rules
|
||
|
# include $RULE_PATH/backdoor.rules
|
||
|
# include $RULE_PATH/shellcode.rules
|
||
|
@@ -856,11 +857,11 @@
|
||
|
# include $RULE_PATH/porn.rules
|
||
|
# include $RULE_PATH/info.rules
|
||
|
# include $RULE_PATH/icmp-info.rules
|
||
|
- include $RULE_PATH/virus.rules
|
||
|
+# include $RULE_PATH/virus.rules
|
||
|
# include $RULE_PATH/chat.rules
|
||
|
# include $RULE_PATH/multimedia.rules
|
||
|
# include $RULE_PATH/p2p.rules
|
||
|
-include $RULE_PATH/experimental.rules
|
||
|
+#include $RULE_PATH/experimental.rules
|
||
|
#include $RULE_PATH/wifi.rules
|
||
|
|
||
|
# Include any thresholding or suppression commands. See threshold.conf in the
|