Snort mailing list archives
threshold.conf limit not working for me
From: Agus <agus.262 () gmail com>
Date: Tue, 26 Apr 2011 14:21:26 -0300
Hi guys,

I'm running snort 2903 and added this line to threshold.conf:

event_filter gen_id 0, sig_id 0, type limit, track by_dst, count 1, seconds 60

But when I start snort I see lots of this:

Apr 26 13:03:10 snor snort[25857]: [1:2010935:2] ET POLICY Suspicious inbound to MSSQL port 1433 [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.10.x.131:58447 -> 10.10.x.21:1433
Apr 26 13:03:10 snor snort[25857]: [1:2010935:2] ET POLICY Suspicious inbound to MSSQL port 1433 [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.10.x.100:53887 -> 10.10.x.21:1433
Apr 26 13:03:12 snor snort[25857]: [1:2010935:2] ET POLICY Suspicious inbound to MSSQL port 1433 [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.10.x.131:58448 -> 10.10.x.21:1433
Apr 26 13:03:15 snor snort[25857]: [1:2010935:2] ET POLICY Suspicious inbound to MSSQL port 1433 [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.10.x.114:64883 -> 10.10.x.21:1433
Apr 26 13:03:16 snor snort[25857]: [1:2010935:2] ET POLICY Suspicious inbound to MSSQL port 1433 [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.10.x.131:58449 -> 10.10.x.21:1433

Is there something I'm missing?

Thanks,
Brahama
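Added example, not part of the original post and not Snort code: a Python check that replays syslog alerts and lists the ones a `type limit, track by_dst, count 1, seconds 60` filter would be expected to suppress, which makes it easy to confirm from the log alone whether the filter is taking effect. The function name, the fixed window opening at the first alert per key, the year taken from the message date, and the sample lines (rebuilt from the five alerts quoted in the post) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Matches the syslog alert layout quoted in the post (port is optional, e.g. ICMP).
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ snort\[\d+\]: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\] .*?"
    r"\{\w+\} (?P<src>\S+) -> (?P<dst>[^\s:]+)(?::\d+)?$"
)

def excess_alerts(lines, count=1, seconds=60, year=2011):
    """Return (timestamp, (gid, sid, dst), src) for every alert beyond `count`
    within `seconds` for the same gid/sid/destination. Assumption: the window
    is fixed and opens at the first alert seen for that key."""
    window = timedelta(seconds=seconds)
    state = {}    # (gid, sid, dst) -> (window_start, alerts_seen_in_window)
    excess = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # not a Snort alert line
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (int(m["gid"]), int(m["sid"]), m["dst"])
        start, seen = state.get(key, (ts, 0))
        if ts - start >= window:      # window expired: open a new one
            start, seen = ts, 0
        seen += 1
        state[key] = (start, seen)
        if seen > count:              # a working limit filter would drop this
            excess.append((m["ts"], key, m["src"]))
    return excess

# Sample input rebuilt from the alerts quoted in the post (time, source).
TEMPLATE = ("Apr 26 {t} snor snort[25857]: [1:2010935:2] ET POLICY Suspicious "
            "inbound to MSSQL port 1433 [Classification: Potentially Bad Traffic] "
            "[Priority: 2]: {{TCP}} {src} -> 10.10.x.21:1433")
POSTED = [TEMPLATE.format(t=t, src=s) for t, s in [
    ("13:03:10", "10.10.x.131:58447"), ("13:03:10", "10.10.x.100:53887"),
    ("13:03:12", "10.10.x.131:58448"), ("13:03:15", "10.10.x.114:64883"),
    ("13:03:16", "10.10.x.131:58449")]]

if __name__ == "__main__":
    for ts, key, src in excess_alerts(POSTED):
        print(f"{ts} gid:sid={key[0]}:{key[1]} dst={key[2]} src={src} exceeds limit")
```

An empty result for a log file means the alerts are consistent with the filter being applied; any rows returned are alerts that arrived inside the window after the limit was already reached.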