If you are running in passive mode this should not happen. If you are running inline then you should run with alert only rules until you can weed out false positives and then convert to drop rules one rule file at a time, or for certian types of events that you know you should never see in your environment.
Regards, Will On Wed, Sep 30, 2009 at 2:18 AM, Thomas Fischer <[email protected]> wrote: > So outside of enabling everything, which I can't seem to do as it is > seriously impairing my network access by slow load times, pictures not > showing up, IM disconnections, gaming issues. > Which package rules would you enable or disable to have a safe but optimized > snort-ids probe? > Cheers > > -- > Thomas Fischer > email: [email protected] [email protected] twitter.com/FVT > fvter.wordpress.com > IM: gTalk:[email protected] MSN:[email protected] > Y!:tvfischer_FR > PGP Key: > https://keyserver1.pgp.com/vkd/DownloadKey.event?keyid=0x27FBA97646CF2077 > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Sent from Crosne, France > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
