Snort mailing list archives
Stopping repeats in Snort/Acid
From: "Madziarczyk, Jonathan" <than () cityofevanston org>
Date: Fri, 4 Jan 2002 09:20:06 -0600
Hi,

I finally got my Snort box up and running with RH7.2/MySQL/ACID and it's working great! I even found a link on Cisco's web site to set up policy based routing for my external router to block CodeRed/Nimda virus from even entering my address space (useful for keeping the alerts down on snort). If anyone has a Cisco router and is interested: http://www.cisco.com/warp/public/63/nimda.shtml

My question is this, I'm starting to get listings of people with "Kick-A$$ P0rn" (this appears to be coming through from people getting html spam mail...among other things ;-) When I look at ACID to get details on "K-A-P" I get more alerts from my machine to the ACID box. How do I keep these from popping up? By simply investigating 6 alerts in Acid, I can generate hundreds of additional alerts. What's my solution?

--If one synchronized swimmer drowns, do they all have to?

Thanks in advance

JonMad
