# This file is used for options that are changed by Debian to leave
# the original lib files untouched.
# You have to use "dpkg-reconfigure snort" to change them.
# snortconfig by Echtor2oo3 (irc.freenode.net #chaostreffpunkt)
# passende .conkyrc liegt ebenfalls auf dem ftp
# sie ist nur zum anzeigen von portscannern gedacht, man sollte trotzdem
# oefters in die /var/log/snort/alert gucken

var HOME_NET deine_ip(ifconfig)/24
var INTERFACE eth0
var SEND_STATS false
var STATS_RCPT root
var STATS_THRESHOLD 1
var RULE_PATH /etc/snort/rules/
var EXTERNAL_NET $HOME_NET
var TELNET_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SMTP $HOME_NET
var HTTP_PORTS 80
var AIM_SERVERS [64.12.24.0/23]
var SMTP_SERVERS $HOME_NET
var SHELLCODE_PORTS 80

preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000
preprocessor portscan2-ignorehosts: $HOME_NET
preprocessor portscan2-ignoreports-from: 53 80
preprocessor portscan2-ignoreports-to: 53 80
preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 5, port_limit 20, timeout 60
preprocessor flow: stats_interval 0 hash 2
preprocessor frag2
preprocessor stream4: detect_scans detect_state_problems detect_scans disable_evasion_alerts
preprocessor stream4_reassemble: ports all
preprocessor rpc_decode: 111 32771
preprocessor bo: -nobrute
preprocessor telnet_decode

include classification.config


include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/experimental.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/info.rules
include $RULE_PATH/local.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/nntp.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/attack-responses.rules