Snort mailing list archives
Suppress alerts
From: Peter Rodger <prodger2008 () yahoo com>
Date: Fri, 14 Oct 2005 11:20:05 -0700 (PDT)
Hi all,
Currently
[snort] (portscan) Open Port unclassified
[snort] (portscan) UDP Portsweep unclassified
[snort] (http_inspect) BARE BYTE UNICODE ENCODING
Are generating too many alerts. I have attempted to
suppress these alerts in my snort.conf file like the
following:
suppress gen_id 122, sig_id 27:
suppress gen_id 122, sig_id 19:
suppress gen_id 119, sig_id 4:
But those alerts are still generating a lot as before.
I do not know why these alerts can not be surppressed?
Thanks,
Peter
__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Suppress alerts Peter Rodger (Oct 14)
- Re: Suppress alerts Frank Knobbe (Oct 14)
- Re: Suppress alerts Peter Rodger (Oct 17)
- <Possible follow-ups>
- RE: Suppress alerts Briggs, Bruce (Oct 14)
- RE: Suppress alerts Briggs, Bruce (Oct 17)
- RE: RE: Suppress alerts Peter Rodger (Oct 17)
- Re: Suppress alerts Joel Esler (Oct 17)
- Re: Suppress alerts Peter Rodger (Oct 17)
- Re: Suppress alerts Joel Esler (Oct 17)
- Fwd: Re: Suppress alerts Peter Rodger (Oct 18)
- Re: Suppress alerts Joel Esler (Oct 18)
- Re: Suppress alerts Peter Rodger (Oct 18)
- Re: Suppress alerts Joel Esler (Oct 18)
(Thread continues...)
- Re: Suppress alerts Frank Knobbe (Oct 14)