Snort mailing list archives
I'm getting a lot of false alerts that are making my /var partition full
From: soldier Mx <soldi3rmx () yahoo com mx>
Date: Sat, 17 Jan 2004 16:14:24 -0600 (CST)
Hey, I'm getting this alert every 2-3 seconds:

[**] [1:2004:1] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
01/17-16:07:18.519151 10.17.112.16:2526 -> 237.158.119.228:1434
UDP TTL:1 TOS:0x0 ID:40538 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]

and other ones, like ICMP unreachable. In one minute I get like 1 megabyte of logs of those alerts! How could I delete those rules that are causing those alerts? Because I'm using Gentoo Linux, and that alert is with Microsoft... so what to do?
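
When alerts flood a log like the one in the post above, a useful first triage step is to tally the log by rule and source address before deciding which rules to disable or suppress. The following Python script is an added example, not part of the original message: it parses Snort full-format alert text, and the function names and the second and third sample records are constructed for illustration.

```python
import re
from collections import Counter
# Sample input: the first record is the alert quoted in the post; the other
# two are constructed (and shortened) so the tally has something to rank.
SAMPLE = """\
[**] [1:2004:1] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
01/17-16:07:18.519151 10.17.112.16:2526 -> 237.158.119.228:1434
UDP TTL:1 TOS:0x0 ID:40538 IpLen:20 DgmLen:404
Len: 376

[**] [1:2004:1] MS-SQL Worm propagation attempt OUTBOUND [**]
[Classification: Misc Attack] [Priority: 2]
01/17-16:07:20.611002 10.17.112.16:2526 -> 203.0.113.9:1434

[**] [1:402:4] ICMP Destination Unreachable (Port Unreachable) [**]
[Classification: Misc activity] [Priority: 3]
01/17-16:07:21.000100 10.17.112.1 -> 10.17.112.16
"""

# "[**] [gid:sid:rev] message [**]" opens every record in the full alert format.
HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
# "MM/DD-time src[:port] -> dst[:port]"; ICMP records carry no ports.
FLOW = re.compile(r"^\d\d/\d\d-\S+ (\d+\.\d+\.\d+\.\d+)(?::\d+)? -> (\d+\.\d+\.\d+\.\d+)(?::\d+)?$")

def parse_alerts(text):
    """Yield one dict per alert record; a record starts at a [**] header."""
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            if current:
                yield current
            current = {"gid": int(m[1]), "sid": int(m[2]), "msg": m[4], "src": "?", "dst": "?"}
            continue
        f = FLOW.match(line)
        if f and current is not None and current["src"] == "?":
            current["src"], current["dst"] = f[1], f[2]
    if current:
        yield current

def top_sources(text, n=5):
    """Count alerts per (gid:sid, message, source IP), busiest first."""
    keys = ((f"{a['gid']}:{a['sid']}", a["msg"], a["src"]) for a in parse_alerts(text))
    return Counter(keys).most_common(n)

for (rule, msg, src), hits in top_sources(SAMPLE):
    print(f"{hits:6d}  {rule:8s} {src:15s} {msg}")
```

Pointing `top_sources` at the contents of the real alert file shows which rule and which source address account for most of the volume.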