Snort mailing list archives

Re: Strange Alerts

From: David Alonso De La Vega Tapage <delavegad () bancoaliado com>
Date: Wed, 23 Apr 2003 12:27:43 -0500

Hi all ..aprox how much time to get snort-mysql-2.0.0.rpm .. ? only curios ..I'm already have my 1.9.1 function .. !


Erek Adams wrote:

On Wed, 23 Apr 2003, Artur Bittencourt wrote:

        I have the same situation here. After I?ve upgraded to Snort 2.0.0
I?ve got a lot of alerts (more than 191000) with "(snort_decoder): T/TCP
Detected" on my e-mail server. How do I turn this rule off ?


Did you upgrade your snort.conf?  If not, you need to.

Then have a look in it.  Up near the top, you'll see something like:

 # Configure the snort decoder:
 # ============================
 #
 # Stop generic decode events:
 #
 # config: disable_decode_alerts
 #
 # Stop Alerts on experimental TCP options
 #
 # config: disable_tcpopt_experimental_alerts
 #
 # Stop Alerts on obsolete TCP options
 #
 # config: disable_tcpopt_obsolete_alerts
 #
 # Stop Alerts on T/TCP alerts
 #
 # config: disable_ttcp_alerts
 #
 # Stop Alerts on all other TCPOption type events:
 #
 # config: disable_tcpopt_alerts
 #
 # Stop Alerts on invalid ip options
 # config: disable_ipopt_alerts


Uncomment the disable_ttcp_alerts line.

-----
Erek Adams

  "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users

------------------------------------------------------------------------

****** Message from InterScan E-Mail VirusWall NT ******

** No virus found in attached file noname.htm

Este correo ha sido revisado y esta libre de virus. Disclaimer
*****************     End of message     ***************

Current thread:

Strange Alerts Brett . Gillett (Apr 23)
- <Possible follow-ups>
- Re: Strange Alerts Neil Dickey (Apr 23)
  - Re: Strange Alerts Artur Bittencourt (Apr 23)
    - Re: Strange Alerts Erek Adams (Apr 23)
    - Re: Strange Alerts David Alonso De La Vega Tapage (Apr 23)
- Re: Strange Alerts Neil Dickey (Apr 23)
- Re: Strange Alerts Brett . Gillett (Apr 23)
- RE: Strange Alerts Allen, Garrett (Apr 23)
- Re: Strange Alerts Brett . Gillett (Apr 23)