RE: Address on my network generating many alerts

["Erik Mintz" <emintz () netforensics com>]

Now that you have identified the good traffic, you can adjust the rules
files, and add preprocessors for the valid traffic.

There are a few good snort books that get into detail on the subject, and
more specific questions can be answered here. I'd start with the online
docs, and then move on to some of the better books. I like O'Reilly's 'Snort
Cookbook.

-E

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Arthur DiSegna
Sent: Wednesday, April 26, 2006 2:43 PM
To: Snort
Subject: [Snort-users] Address on my network generating many alerts

 
Hello,

I just installed SNORT for the first time and have noticed one of my
servers generating a lot of traffic. Most of it is legitimate web
traffic. How can I exclude the normal traffic while maintaining
intrusion checks...

Thanks

AD


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd_________________________________________
______
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list