Snort mailing list archives
Re: L3retriver alerts
From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Wed, 4 Sep 2002 12:09:29 -0400
Might be because of the space in the address range. I don't think you can do that.

Ian

----- Original Message -----
From: "Augustinho Catto" <Catto () atlas unisinos br>
To: <snort-users () lists sourceforge net>
Sent: Wednesday, September 04, 2002 10:27 AM
Subject: [Snort-users] L3retriver alerts

Dear gurus:

We have an A.D. server running inside our enclave network (for corporate servers) and, of course, our workstations inside our internal network send packets to this server, and this event is logged as a "bad event": "IDS311/PING-SCANNER-L3RETRIEVER". But this "ping" is necessary to our workstations, so to avoid this alert I created W2K_SERVER [10.20.200.73/32, 10.20.200.74/32] inside our snort.conf. After that I modified the icmp.rules file: "alert icmp $EXTERNAL_NET -> $W2K_SERVER .... ". In spite of this, Snort is still giving us this alert. How could I avoid it?

TIA
Catto

Augustinho Valmor CATTO
CNE - Analista de Suporte
UNISINOS - Universidade do Vale do Rio dos Sinos
Sao Leopoldo - RS - Brasil
Phone: +55 xx 51 590-8386
http://www.unisinos.br/institucional/estrutura/

-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
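The point raised in the reply, a space inside the bracketed address list, can be checked mechanically before Snort is restarted. The following is an added example, not part of the original thread and not Snort's own code: a small linter that assumes variables are declared as `var NAME [a,b]`, and that follows the Snort documentation of that era, which says IP lists may not contain spaces between addresses. The function name `lint_snort_vars` and the `HOME_NET` line in the sample are constructed for illustration.

```python
import ipaddress
import re

# Matches "var NAME [ ... ]" lines; the bracketed part is the IP list.
VAR_LIST = re.compile(r'^\s*var\s+(\w+)\s+\[(.*)\]\s*(?:#.*)?$')

def lint_snort_vars(conf_text):
    """Return one finding per bracketed IP-list variable in conf_text."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = VAR_LIST.match(line)
        if not m:
            continue
        name, body = m.groups()
        problems = []
        if re.search(r'\s', body):
            problems.append("whitespace inside IP list")
        members = []
        for item in body.split(','):
            item = item.strip()
            negated = item.startswith('!')
            addr = item.lstrip('!')
            if addr.startswith('$') or addr == 'any':
                members.append(item)  # variable reference or keyword: keep as-is
                continue
            try:
                # strict=False accepts host bits, e.g. 10.20.200.73/24
                net = ipaddress.ip_network(addr, strict=False)
                members.append(('!' if negated else '') + str(net))
            except ValueError:
                problems.append("not an address or CIDR block: %r" % item)
                members.append(item)
        findings.append({
            "line": lineno, "name": name, "problems": problems,
            "fixed": "var %s [%s]" % (name, ",".join(members)),
        })
    return findings

# Constructed sample: the W2K_SERVER list is the one quoted in the message.
SAMPLE_CONF = """\
var HOME_NET [10.20.0.0/16,192.168.1.0/24]
var W2K_SERVER [10.20.200.73/32, 10.20.200.74/32]
"""

if __name__ == "__main__":
    for f in lint_snort_vars(SAMPLE_CONF):
        status = "; ".join(f["problems"]) or "ok"
        print("line %d %s: %s -> %s" % (f["line"], f["name"], status, f["fixed"]))
```
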
Current thread:
- L3retriver alerts Augustinho Catto (Sep 04)
- Re: L3retriver alerts Erek Adams (Sep 04)
- Re: L3retriver alerts Ian Macdonald (Sep 05)