Snort mailing list archives
finding which rule
From: Richard Smollett <yawningdogge () gmail com>
Date: Thu, 24 Jul 2014 15:02:34 -0400
I'm getting a lot of alerts that look like this.

[**] [129:20:1] Snort Alert [129:20:1] [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
07/24-14:15:35.196146 172.28.61.104:22 -> 172.28.61. 88:20309
TCP TTL:64 TOS:0x10 ID:59076 IpLen:20 DgmLen:104 DF
***AP*** Seq: 0x8055FA2A Ack: 0x450C8A09 Win: 0x545 TcpLen: 20

How do I go about finding the rule that generated this alert?