r109 - 08 Aug 2008 - 01:19:37 - JamesMcQuaidYou are here: TWiki > 
Main Web > AllProjects > SnortConfSamples
Main Web > AllProjects > SnortConfSamplesSnort.Conf Samples
The goal of this page is to make a set of sample snort.conf files, and some samples for using other common tools with data from Emerging Threats. These will represent different size and goal installs of snort. We do not intend to provide snort.conf files that you can use without modification or understanding, but guides to help you benefit from the experience of the community as a whole. We welcome submissions and tips to improve these files, as well as ideas for new types of configs to add. This page is maintained by JamesMcQuaid * Diagram portraying home network defended by multiple layers of Snort Inline:
HoneywallSamples (includes Honeywall and Smoothwall Snort config files, installation and usage tutorials, and DNS Blackhole files)
- bleeding.conf: bleeding.conf declaration for SSH ports.
- snort_inline.conf: This Snort Inline configuration will use over 900 MB of RAM. Most rules are set to drop; do not use Honeywall's autogenerated replace rules. Will Metcalf, the current maintainer of snort_inline, does not recommend blindly converting as many rules as possible to use replace. Will has said to not use replace in rules that contain the keyword flowbits:noalert because they are used in protocol identification/behavior, and are later checked in separate rules that alert/drop.
- brandjackers.txt: Organized crime brandjacking Adobe, Kaspersky, McAfee? and Symantec.
| I | Attachment | Action | Size | Date | Who | Comment |
|---|---|---|---|---|---|---|
 txt | BadMP3SitesBlackhole.txt | manage | 12.8 K | 24 Jan 2008 - 02:29 | JamesMcQuaid | Evil MP3 sites targeting the kids with malware. Use in Smoothwall 2.0's blackhole.conf file. |
 gif | BleedingNetworkTopology.gif | manage | 115.7 K | 12 Apr 2008 - 20:16 | JamesMcQuaid | |
| gif | BleedingNetworkTopologySplit.gif | manage | 97.9 K | 12 Apr 2008 - 20:15 | JamesMcQuaid | |
 conf | bleeding.conf | manage | 2.6 K | 07 Apr 2008 - 11:36 | JamesMcQuaid | |
| EXT | bogons | manage | 112.2 K | 24 Jan 2008 - 02:34 | JamesMcQuaid | Complete list of bogons on 10-21-2007 |
| txt | brandjackers.txt | manage | 4.4 K | 08 Aug 2008 - 01:19 | JamesMcQuaid | |
| EXT | config | manage | 34.6 K | 24 Jan 2008 - 12:37 | JamesMcQuaid | |
| EXT | config-hosts | manage | 5613.1 K | 17 Jun 2008 - 03:06 | JamesMcQuaid | |
| EXT | config-ipblock | manage | 7.9 K | 31 Mar 2008 - 01:45 | JamesMcQuaid | |
| txt | config.txt | manage | 30.8 K | 24 Oct 2007 - 11:55 | JamesMcQuaid | Bogon IPs block for Smoothwall; includes RBN, Chinese hackers and trojans. |
| EXT | configNew | manage | 5047.8 K | 19 Apr 2008 - 20:09 | JamesMcQuaid | |
| conf | snort_Outer.conf | manage | 39.5 K | 07 Apr 2008 - 01:00 | JamesMcQuaid | |
| conf | snort_inline.conf | manage | 14.4 K | 18 Jun 2008 - 10:19 | JamesMcQuaid | |
| conf | snort_inline_Outer.conf | manage | 13.7 K | 12 Apr 2008 - 20:42 | JamesMcQuaid | |
| conf | snort_inline_inner.conf | manage | 14.1 K | 12 Apr 2008 - 20:42 | JamesMcQuaid | |
| conf | snort_inner.conf | manage | 38.7 K | 12 Apr 2008 - 20:44 | JamesMcQuaid | |
| conf | tldblackhole.conf | manage | 2.1 K | 24 Jan 2008 - 12:42 | JamesMcQuaid | |
| EXT | zone | manage | 10101.7 K | 23 Mar 2008 - 22:21 | JamesMcQuaid |
Main Web
Create New Topic
Index
Search
Changes
Preferences
- User Reference
- ATasteOfTWiki
- TextFormattingRules
- Signature Reference
- WebRss Feed
- EmergingFAQ
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback