# Snort configuration file for the Honeynet Project's Scan of the Month
var HOME_NET any
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET

preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble 
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111 
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log

include classification.config
include bad-traffic.rules
include exploit.rules
include scan.rules
include finger.rules
include ftp.rules
include telnet.rules
include smtp.rules
include rpc.rules
include rservices.rules
include dos.rules
include ddos.rules
include dns.rules
include tftp.rules
include web-cgi.rules
include web-coldfusion.rules
include web-frontpage.rules
include web-iis.rules
include web-misc.rules
include web-attacks.rules
include sql.rules
include x11.rules
include icmp.rules
include netbios.rules
include misc.rules
include attack-responses.rules
include backdoor.rules
include shellcode.rules
include policy.rules
include info.rules
include icmp-info.rules
include virus.rules
include local.rules