Re: strem5 session hijacked produce a lot of alerts with lb firewalls

[Joel Esler <jesler () sourcefire com>]

Yes.  With a suppression.  Tie the suppression to an ip of the firewall.
 see threshold.conf for details (or README.filters)

On Wed, Apr 6, 2011 at 12:55 PM, carlopmart <carlopmart () gmail com> wrote:

> On 04/06/2011 06:49 PM, Joel Esler wrote:
> > Are you talking about gid:129, sid 9 and 10?
> Yes.
>
> > Comment them out in the preproc.rules, or suppress the alerts.
>
> I know but, can not be disabled for the firewalls (and only for the
> firewalls), for example??
>
>
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org |
http://blog.clamav.net
Twitter:  http://twitter.com/snort

------------------------------------------------------------------------------
Xperia(TM) PLAY
It's a major breakthrough. An authentic gaming
smartphone on the nation's most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users