Snort mailing list archives
RE: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"
From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 1 Nov 2005 09:54:33 -0500
> I have 2 machines for which this traffic is "normal". I have looked for the
> rule that triggers SPECIFICALLY this alert. I can't find it. The SID is 1:151
> but there is no matching description; this SID points to other alerts
> (BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network). There is
> another BAD TRAFFIC alert and I was able to suppress that one. I was advised
> on the snort.org forum to upgrade from 2.4.0 to 2.4.1 but I made the jump to
> 2.4.2 and I am still getting overloaded with these alerts. I have tried the
> RTFM approach. I have searched the snort forums and read through any relevant
> posts I can find. All to no avail. Any help would be greatly appreciated.

These alerts are generated by the Snort decoder. You can tune some aspects of the decoder from your snort.conf file. More here from TFM:

http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node10.html (See Table 2.1)

PaulM
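A triage sketch for the situation in this thread, added here as an example and not part of any poster's message or of Snort's own code: it reads fast-format alert lines, keys on the full generator:signature pair (the decoder reports under generator 116, so this alert is 116:151, not 1:151), and emits one `suppress` directive per host where the traffic is expected. The sample lines, the addresses, the function names and the assumption that the installed Snort version applies `suppress` to decoder events are all assumptions.

```python
import re
from collections import Counter

# Fast-alert layout: "... [**] [gid:sid:rev] message [**] ... {PROTO} src -> dst"
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

# Constructed sample alerts (documentation addresses, not from the thread).
SAMPLE_ALERTS = """\
11/01-09:50:01.000001  [**] [116:151:1] (snort decoder) Bad Traffic Same Src/Dst IP [**] {UDP} 192.0.2.10:137 -> 192.0.2.10:137
11/01-09:50:02.000002  [**] [116:151:1] (snort decoder) Bad Traffic Same Src/Dst IP [**] {UDP} 192.0.2.10:137 -> 192.0.2.10:137
11/01-09:50:03.000003  [**] [116:151:1] (snort decoder) Bad Traffic Same Src/Dst IP [**] {ICMP} 192.0.2.11 -> 192.0.2.11
11/01-09:50:04.000004  [**] [116:151:1] (snort decoder) Bad Traffic Same Src/Dst IP [**] {TCP} 198.51.100.7:80 -> 198.51.100.7:80
11/01-09:50:05.000005  [**] [1:1000001:1] constructed local rule [**] [Priority: 2] {TCP} 192.0.2.10:4000 -> 203.0.113.5:80
"""

def parse_alerts(text):
    """Yield a dict per parsable alert line, with gid and sid as integers."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alert = m.groupdict()
            alert["gid"], alert["sid"] = int(alert["gid"]), int(alert["sid"])
            yield alert

def plan_suppressions(text, expected_hosts, gid=116, sid=151):
    """Return (suppress directives for expected hosts, counts for other hosts).

    Matching on (gid, sid) keeps rule-engine alerts (generator 1) out of scope,
    and hosts outside expected_hosts stay visible instead of being silenced.
    """
    expected, unexpected = set(), Counter()
    for alert in parse_alerts(text):
        if (alert["gid"], alert["sid"]) != (gid, sid):
            continue
        if alert["src"] in expected_hosts:
            expected.add(alert["src"])
        else:
            unexpected[alert["src"]] += 1
    directives = [
        f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {host}"
        for host in sorted(expected)
    ]
    return directives, dict(unexpected)

if __name__ == "__main__":
    lines, leftover = plan_suppressions(SAMPLE_ALERTS, {"192.0.2.10", "192.0.2.11"})
    print("\n".join(lines))
    print("still alerting:", leftover)
```

Per-host suppression keeps the alert active for every other source, which the global decoder switches in snort.conf do not.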