jrivett Posted January 28, 2017 Report Posted January 28, 2017 I'm at this step: 'Configuring Snort, the Heart of the Windows Intrusion Detection System (WinIDS)'. At this point there are two commands, the point of which seems to be to clear the blacklist and whitelist files that are included with Snort. Here's the first one: 'type NUL > d:\winids\snort\rules\black_list.rules' This actually creates a *new* file called 'black_list.rules', with no content (size zero). I think perhaps the intention was to clear the contents of the existing file, which is actually named 'blacklist.rules'. I don't see 'white_list.rules' or 'whitelist.rules', so the other command just creates an empty 'white_list.rules'. Quote
Morpheus Posted January 28, 2017 Report Posted January 28, 2017 That is correct. Those two files are used by the Reputation preprocessor. Both files needs to exist or there will be a fatal error. Quote
jrivett Posted January 28, 2017 Author Report Posted January 28, 2017 Okay, thanks for clearing that up. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.