Snort mailing list archives
RE: Snort duplicate signatures in table
From: "Vladimir" <pvm () napravlenie ru>
Date: Fri, 21 Apr 2006 11:18:35 +0400
There are two possible solutions: 1. You use BPF filter to avoid that both instances see the same traffic (why do you want to be alerted on both interfaces for the same packet?)
I use snort on 2 interfaces because I wait that some attacks can be going from DMZ to local net. If snort will listen only on external interface, then I risk pass potential attacks from DMZ to local net. But I have a lot of traffic from external to DMZ networks. And a lot of duplicates alerts. May be I have some errors in configuration snort? Does really important that snort listen on DMZ interface?
2. You insert all signatures in the database before you start snort. -> In this case all queries for signatures will succeed.
I think about this. But every time then I update snort rules, I need to insert fresh signatures to the database... I can do that. As a last resort... But I wan't to solve this problem by correct snort configuration... ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort duplicate signatures in table Vladimir (Apr 19)
- Re: Snort duplicate signatures in table Dirk Geschke (Apr 19)
- RE: Snort duplicate signatures in table Vladimir (Apr 19)
- Re: Snort duplicate signatures in table Dirk Geschke (Apr 19)
- RE: Snort duplicate signatures in table Vladimir (Apr 19)
- Re: Snort duplicate signatures in table Dirk Geschke (Apr 19)
- RE: Snort duplicate signatures in table Vladimir (Apr 20)
- Re: Snort duplicate signatures in table Dirk Geschke (Apr 20)
- RE: Snort duplicate signatures in table Vladimir (Apr 21)
- Re: Snort duplicate signatures in table Dirk Geschke (Apr 21)
- RE: Snort duplicate signatures in table Vladimir (Apr 19)
- Re: Snort duplicate signatures in table Dirk Geschke (Apr 19)