Chris Hobbs wrote: > > Well, not too much info here - regrettably my snort rules file got > zeroed out when whitehats.com changed their format. So, all I have is my > IIS logs - however, it's pretty straightforward what happened: YET ANOTHER REASON NOT TO AUTOMAGICLY UPDATE YOUR RULESET!!!!!!!!! Geez. I don't know how many times I have to say this. Automagicly downloading rulesets for ANYTHING is a very DUMB idea. If you are deploying anything like this and you want automagic updates to your sensors, at LEAST pull your rules from a LOCALLY administrated copy. And update the LOCAL copy by hand. -brian
This archive was generated by hypermail 2b30 : Thu May 10 2001 - 19:23:30 PDT