Snort mailing list archives
Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"
From: "Postmaster" <postmaster () dnet net>
Date: Thu, 20 Oct 2005 00:05:27 -0400
Your meesage was accidentaly caught in our SPAM filtering system. We at Dnet internet solutions provide filtered internet access and it appears that the word deepthroat was in our blocked list. We apologize for any inconveniences. Postmaster Dnet.net ----- Original Message ----- From: Mike Kelley To: snort-users () lists sourceforge net Sent: Monday, October 17, 2005 4:27 PM Subject: SPAM-Phrase [Snort-users] Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" I have 2 machines for which this traffic is "normal" I have looked for the rule that triggers SPECIFFICALLY this alert . I can't find it the SID is 1:151 but there is no matching description; this SID points to other alerts (BACKDOOR D e e p T h r o a t 3.1 Client Sending Data to Server on Network). There is another BAD TRAFFIC alert and I was able to suppress that one. I was advised on the sonrt.org forum to upgrade from 2.4.0 to 2.4.1 but I made the jump to 2.4.2 and I am still getting overloaded with these alerts. I have tried the RTFM approach .. I have searched the snort forums and read through any relevant posts I can find .. All to no avail . any help would be greatly appreciated. Mike K
Current thread:
- Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" Mike Kelley (Oct 17)
- Re: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" Matt Kettler (Oct 17)
- Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" Postmaster (Nov 01)
- RE: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" Paul Melson (Nov 01)
- <Possible follow-ups>
- RE: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" Mike Kelley (Oct 17)
- Re: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" Matt Kettler (Oct 17)
- RE: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" Mike Kelley (Oct 17)
- RE: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" Mike Kelley (Oct 17)
- Re: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP" Matt Kettler (Oct 17)