Good job, Pete. Through these changes we saw a minimal increase in false positives on one day, and detection seems to have improved as well.
Darin.

----- Original Message -----
From: "Pete McNeil" <[EMAIL PROTECTED]>
To: <sniffer@sortmonster.com>
Sent: Thursday, March 09, 2006 3:08 AM
Subject: [sniffer] F001 Rule Bot Change

Hello Sniffer Folks,

The F001 Rule Bot has been adjusted. The number of repeat offenses required for an IP to be listed has been increased.

It's important to note also: Messages that are filtered out by other rules are excluded from this evaluation. Consequently, for an IP to be added to the F001 bot rules it must not only be seen quite a few times, but it must also be generating messages that are not filtered using other active rules.

As part of this adjustment we removed approximately 20000 IP rules that had shown either weak or no activity since they were created. This may cause rulebase file sizes to change noticeably.

Thanks,
_M

Pete McNeil (Madscientist)
President, MicroNeil Research Corporation
Chief SortMonster (www.sortmonster.com)
Chief Scientist (www.armresearch.com)

This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html