--- /dev/null
+###################################################
+#
+# This file contains the default snort configuration.
+# for all IPCop Versions
+# Unless you are totally happy with this file,please
+# only change whats needed
+#
+# 1) Set the network variables for your network
+# 2) Configure preprocessors
+# 3) Configure output plugins
+# 4) Customize your rule set
+#
+# $Id: snort.conf,v 1.6.2.1 2005/04/28 18:38:49 gespinasse Exp $
+#
+###################################################
+# Only area a user needs to edit
+include /etc/snort/vars
+var EXTERNAL_NET !$HOME_NET
+var SMTP_SERVERS $HOME_NET
+var HTTP_SERVERS $HOME_NET
+var SQL_SERVERS $HOME_NET
+var TELNET_SERVERS $HOME_NET
+var HTTP_PORTS 80
+var SHELLCODE_PORTS !80
+var ORACLE_PORTS 1521
+var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
+var RULE_PATH /etc/snort
+
+###################################################
+# Do NOT Edit past this line
+###################################################
+config detection: search-method lowmem
+preprocessor flow: memcap 2097152, stats_interval 0, hash 2
+preprocessor frag2: memcap 2097152
+preprocessor stream4: memcap 2097152, detect_scans, disable_evasion_alerts
+preprocessor stream4_reassemble: noalerts
+preprocessor http_inspect: global iis_unicode_map unicode.map 1252
+preprocessor http_inspect_server: server default profile all ports { 80 8080 }
+preprocessor rpc_decode: 111 32771
+preprocessor bo
+preprocessor telnet_decode
+preprocessor flow-portscan: \
+ scoreboard-memcap-talker 1048576 \
+ scoreboard-rows-talker 10000 \
+ talker-sliding-scale-factor 0.50 \
+ talker-fixed-threshold 30 \
+ talker-sliding-threshold 30 \
+ talker-sliding-window 20 \
+ talker-fixed-window 30 \
+ scoreboard-memcap-scanner 1048576 \
+ scoreboard-rows-scanner 10000 \
+ scanner-sliding-window 20 \
+ scanner-sliding-scale-factor 0.50 \
+ scanner-fixed-threshold 15 \
+ scanner-sliding-threshold 40 \
+ scanner-fixed-window 15 \
+ unique-memcap 1048576 \
+ unique-rows 10000 \
+ server-memcap 1048576 \
+ server-rows 10000 \
+ server-watchnet $HOME_NET \
+ server-ignore-limit 100 \
+ server-learning-time 3600 \
+ server-scanner-limit 4 \
+ alert-mode once \
+ output-mode msg \
+ tcp-penalties on
+preprocessor xlink2state: ports { 25 691 }
+#=========================================
+include $RULE_PATH/classification.config
+include $RULE_PATH/reference.config
+#=========================================
+include $RULE_PATH/bad-traffic.rules
+include $RULE_PATH/exploit.rules
+include $RULE_PATH/scan.rules
+include $RULE_PATH/finger.rules
+include $RULE_PATH/ftp.rules
+include $RULE_PATH/telnet.rules
+include $RULE_PATH/rpc.rules
+include $RULE_PATH/rservices.rules
+include $RULE_PATH/dos.rules
+include $RULE_PATH/ddos.rules
+include $RULE_PATH/dns.rules
+include $RULE_PATH/tftp.rules
+
+include $RULE_PATH/web-cgi.rules
+include $RULE_PATH/web-coldfusion.rules
+include $RULE_PATH/web-iis.rules
+include $RULE_PATH/web-frontpage.rules
+include $RULE_PATH/web-misc.rules
+include $RULE_PATH/web-client.rules
+include $RULE_PATH/web-php.rules
+
+include $RULE_PATH/sql.rules
+include $RULE_PATH/x11.rules
+include $RULE_PATH/icmp.rules
+include $RULE_PATH/netbios.rules
+include $RULE_PATH/misc.rules
+include $RULE_PATH/attack-responses.rules
+include $RULE_PATH/oracle.rules
+include $RULE_PATH/mysql.rules
+include $RULE_PATH/snmp.rules
+
+include $RULE_PATH/smtp.rules
+include $RULE_PATH/imap.rules
+include $RULE_PATH/pop2.rules
+include $RULE_PATH/pop3.rules
+
+include $RULE_PATH/nntp.rules
+include $RULE_PATH/other-ids.rules
+# include $RULE_PATH/web-attacks.rules
+# include $RULE_PATH/backdoor.rules
+# include $RULE_PATH/shellcode.rules
+# include $RULE_PATH/policy.rules
+# include $RULE_PATH/porn.rules
+# include $RULE_PATH/info.rules
+# include $RULE_PATH/icmp-info.rules
+# include $RULE_PATH/virus.rules
+# include $RULE_PATH/chat.rules
+# include $RULE_PATH/multimedia.rules
+# include $RULE_PATH/p2p.rules
+# include $RULE_PATH/experimental.rules
+include $RULE_PATH/local.rules