Matt Jonkman wrote:
> All very good points. And yes, a better name for the compromised list
> might be the hostile list. But that's just semantics.
>
> I'm leaning toward then making a separate RBN only ruleset. I hate to
> make more and more sets, but this seems worth it.
>
> Anyone have other suggestions, or comments for/against before I go ahead
> and do so?
>
I don't mind having more rule files so long as there is good reason to.
As others have pointed out it is much easier to comment out a rule file
in the snort config than try and selectively include/exclude individual
rules from a single file.
Russell
_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigs bleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs