Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: how to disable "Short UDP packet, length field" alert?

From: Erek Adams <erek () snort org>
Date: Mon, 16 Jun 2003 10:49:00 -0400 (EDT)
On Mon, 16 Jun 2003, sb ch wrote:


I would like to disable this function, but I can't find any rule file
related.


It's not from a rule.  It's from the snort_decoder.  Check the comments
inside of snort.conf that come after these lines:

  # Configure the snort decoder:
  # ============================


So this alert has nothing related rule files.
How can I disable this logging?
Surely, I did like below, but alerts are continued.

var HOME_NET any ![210.xx.xx.xxx]
var EXTERNAL_NET any ![210.xx.xx.xxx]


I don't think you're setup right with those variables.  I'm guessing that
the network you want to watch is 210.xx.xx.xx.  If so, you might consider
changing that to:

        var HOME_NET 210.xx.xx.xx
        var EXTERNAL_NET !$HOME_NET

I think that would make the rules fire in a more sane manner.

[...snip...]

Cheers!


-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.NET email is sponsored by: eBay
Great deals on office technology -- on eBay now! Click here:
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: