Snort mailing list archives
Re: How to turn off a rule
From: AllowOverride <allowoverride () gmail com>
Date: Fri, 12 Oct 2012 09:56:17 -0700
jeremy that's enough, drop the attitude

On Fri, 2012-10-12 at 00:23 +0000, Jeremy Hoel wrote:
If it's stupid and it works, it's not stupid. In the top 10 results are
the answers to your problem. But hey, you can ask the same question
on the mailing list and let someone get around to answering vs finding
the answer online and moving to your next problem.
On Oct 11, 2012 6:04 PM, "AllowOverride" <allowoverride () gmail com> wrote:
i disagree... completely, google yields hundreds of hits, i can't believe
you actually pulled a 2008 joke on me like that, you are 2000 late
dude.. lolol
On Thu, 2012-10-11 at 21:52 +0000, Jeremy Hoel wrote:
> Because the question you asked is easily answered by doing a google search.
>
> You asked about how to disable a rule, I answered that, and then
> pointed to conversations about the particular error you are seeing.
> Because it's probably not a rule, but a preprocessor.
>
> And because google can be your friend if you use it, quick answers to
> common problems..
>
>
> On Thu, Oct 11, 2012 at 9:36 PM, AllowOverride <allowoverride () gmail com> wrote:
> > why are you sending me to google?
> >
> > On Thu, 2012-10-11 at 19:39 +0000, Jeremy Hoel wrote:
> >> You comment out a rule that you don't want, then restart snort for
> >> that change to take effect.
> >>
> >> In the case of SSH protocol mismatches, it's probably not a rule, but
> >> the preprocessor.. in which case;
> >>
> >> http://lmgtfy.com/?q=snort+ssh+Protocol+mismatch
> >>
> >> There's been a lot of talk about various ways to disable the alert to
> >> match your needs.
> >>
> >>
> >>
> >> On Thu, Oct 11, 2012 at 7:31 PM, AllowOverride <allowoverride () gmail com> wrote:
> >> > ok, my understanding is to turn off a rule in snort.rules by simply
> >> > putting a # or commenting it out, in front of the rule.
> >> >
> >> > my question is:
> >> >
> >> > #22-(2-5946)
> >> > [snort] ssh: Protocol mismatch
> >> >
> >> > turn off this rule.
> >> >
> >> > what do i look for, there are a shyt load of ssh rules.
> >> > maybe look for leading line stating 22?
> >> >
> >> > or grep 5946, in snort.rules, right?
> >> >
> >> > thanks!
> >> >
> >> > ps this is a false positive, as i am 192.168.1.35 connecting to
> >> > 192.168.1.14.. it's me.
