Snort mailing list archives

Quick Newbie Rule Question

From: "Mark R" <mcr2z () cs virginia edu>
Date: Mon, 24 Mar 2003 08:50:43 -0500

Since we are running NIS and a yp domain, I keep seeing the following false
alerts. What is the easiest way to filter out / not get these alerts?

Thanks,
Mark


[**] [1:590:2] RPC portmap request ypserv [**]
[Classification: Decode of an RPC Query] [Priority: 2] 
03/24-08:44:13.841686 myypclient:832 -> myypserver:111
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
Len: 64
[Xref => arachnids 12]



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Quick Newbie Rule Question Mark R (Mar 24)
- Re: Quick Newbie Rule Question Erek Adams (Mar 24)