Intrusion Detection with Snort by Jack Koziol

Designing a Targeted Ruleset

At some point you may want to develop a targeted ruleset that alerts only on services and hosts that actually exist. A targeted ruleset has rules enabled only for services that are present on your network; if a rule does not match a service existing on a host, it is disabled. This can trim the ruleset's size considerably. The trade-off is that with a targeted ruleset you are less likely to discover attempted attacks: the hacker would have to attack a legitimate service on a legitimate host to be noticed by Snort.
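The following sketch shows one way to derive a targeted ruleset by commenting out rules whose destination port matches no service in an inventory. It is an added example, not code from the book: the inventory, the port variable values, the sample rules and their SIDs are constructed, and the inventory is simplified to a network-wide set of protocol/port pairs rather than per-host entries.

```python
import re

# Constructed inventory: (protocol, port) pairs for services that really run
# on the monitored network, e.g. gathered from a port scan or asset database.
SERVICES = {("tcp", 22), ("tcp", 80), ("udp", 53)}
# Constructed port variables, as they would be defined in snort.conf.
PORT_VARS = {"$HTTP_PORTS": "80"}

# Constructed sample rules (abbreviated options, local-range SIDs).
RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP example"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"HTTP example"; sid:1000002;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"DNS example"; sid:1000003;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 6000:6010 (msg:"X11 example"; sid:1000004;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Any-port example"; sid:1000005;)
alert tcp $EXTERNAL_NET any -> $HOME_NET !80 (msg:"Negated example"; sid:1000006;)
"""

# Rule header: action proto src sport -> dst dport (options). Only "->" rules are parsed.
HEADER = re.compile(r"^\w+\s+(\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\(")

def port_matches(spec, port):
    """True if a Snort port spec (number, a:b range, or [list]) covers port."""
    for part in spec.strip("[]").split(","):
        lo, sep, hi = part.partition(":")
        lo = int(lo) if lo else 0
        hi = int(hi) if hi else (65535 if sep else lo)
        if lo <= port <= hi:
            return True
    return False

def keep_rule(line):
    """Decide whether a rule targets a service that exists in SERVICES."""
    m = HEADER.match(line)
    if not m:
        return True  # comment, blank or bidirectional rule: leave untouched
    proto, spec = m.group(1).lower(), PORT_VARS.get(m.group(2), m.group(2))
    if proto not in ("tcp", "udp") or not re.fullmatch(r"\[?[\d:,]+\]?", spec):
        return True  # "any", negation, unknown variable: cannot narrow safely
    return any(p == proto and port_matches(spec, n) for p, n in SERVICES)

def target_ruleset(text):
    """Comment out rules whose destination service is absent from the inventory."""
    return "\n".join(l if keep_rule(l) else "# " + l for l in text.splitlines())

if __name__ == "__main__":
    print(target_ruleset(RULES))
```

Rules the script cannot narrow with confidence stay enabled, so the pruning errs toward keeping coverage rather than silently dropping it.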

There are a number of different conditions where a targeted ruleset is appropriate. If you have placed a sensor on the internal side of a firewall, you may want to develop a targeted ...
