Snort mailing list archives
RE: Strange Alerts
From: "Allen, Garrett" <Garrett.Allen () ser com>
Date: Wed, 23 Apr 2003 13:39:19 -0400
took me about 40 minutes last night. i'm a slow typer and i edited the snort.conf file manually.

hih.

cheers

-----Original Message-----
From: David Alonso De La Vega Tapage [mailto:delavegad () bancoaliado com]
Sent: Wednesday, April 23, 2003 1:28 PM
To: Erek Adams
Cc: Artur Bittencourt; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Strange Alerts

Hi all .. approx. how much time to get snort-mysql-2.0.0.rpm .. ? only curious .. I already have my 1.9.1 functioning .. !

Erek Adams wrote:

> On Wed, 23 Apr 2003, Artur Bittencourt wrote:
>
>> I have the same situation here. After I've upgraded to Snort 2.0.0 I've
>> got a lot of alerts (more than 191000) with "(snort_decoder): T/TCP
>> Detected" on my e-mail server. How do I turn this rule off ?
>
> Did you upgrade your snort.conf? If not, you need to. Then have a look
> in it. Up near the top, you'll see something like:
>
>   # Configure the snort decoder:
>   # ============================
>   #
>   # Stop generic decode events:
>   #
>   # config: disable_decode_alerts
>   #
>   # Stop Alerts on experimental TCP options
>   #
>   # config: disable_tcpopt_experimental_alerts
>   #
>   # Stop Alerts on obsolete TCP options
>   #
>   # config: disable_tcpopt_obsolete_alerts
>   #
>   # Stop Alerts on T/TCP alerts
>   #
>   # config: disable_ttcp_alerts
>   #
>   # Stop Alerts on all other TCPOption type events:
>   #
>   # config: disable_tcpopt_alerts
>   #
>   # Stop Alerts on invalid ip options
>   # config: disable_ipopt_alerts
>
> Uncomment the disable_ttcp_alerts line.
>
> -----
> Erek Adams
>
> "When things get weird, the weird turn pro." H.S. Thompson
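The edit suggested in the quoted reply, as an added example that is not part of the original thread or of Snort itself. It assumes the commented directive lines look like the excerpt quoted above; the function name `enable_directive` and the sample text are constructed for illustration. It uncomments exactly one directive and reports when the line is absent, which is what an un-upgraded snort.conf would show.

```python
import re

# Constructed sample: part of the decoder section as quoted in the message above.
SAMPLE_CONF = """\
# Stop Alerts on experimental TCP options
#
# config: disable_tcpopt_experimental_alerts
#
# Stop Alerts on T/TCP alerts
#
# config: disable_ttcp_alerts
#
# Stop Alerts on all other TCPOption type events:
#
# config: disable_tcpopt_alerts
"""


def enable_directive(conf_text, directive):
    """Uncomment one 'config <directive>' line; return (new_text, status).

    status is 'enabled', 'already-enabled', or 'missing' (no such line,
    e.g. a snort.conf that was not upgraded along with the binary).
    """
    # Optional '#', then 'config' (with or without ':'), then the exact
    # directive name, so disable_tcpopt_alerts never matches
    # disable_tcpopt_experimental_alerts.
    pat = re.compile(r"^(\s*)(#\s*)?(config:?\s+%s)\s*$" % re.escape(directive))
    out, status = [], "missing"
    for line in conf_text.splitlines():
        m = pat.match(line)
        if m and m.group(2):            # commented out: strip the '#'
            out.append(m.group(1) + m.group(3))
            status = "enabled"
        else:
            if m and status == "missing":   # present and already active
                status = "already-enabled"
            out.append(line)
    return "\n".join(out) + "\n", status


if __name__ == "__main__":
    new_conf, result = enable_directive(SAMPLE_CONF, "disable_ttcp_alerts")
    print(result)
    print(new_conf)
```

Run it against a copy of snort.conf and diff the result before replacing the live file; the other decoder alerts stay enabled.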
Current thread:
- Strange Alerts Brett . Gillett (Apr 23)
- <Possible follow-ups>
- Re: Strange Alerts Neil Dickey (Apr 23)
- Re: Strange Alerts Artur Bittencourt (Apr 23)
- Re: Strange Alerts Erek Adams (Apr 23)
- Re: Strange Alerts David Alonso De La Vega Tapage (Apr 23)
- Re: Strange Alerts Artur Bittencourt (Apr 23)
- Re: Strange Alerts Neil Dickey (Apr 23)
- Re: Strange Alerts Brett . Gillett (Apr 23)
- RE: Strange Alerts Allen, Garrett (Apr 23)
- Re: Strange Alerts Brett . Gillett (Apr 23)