Snort mailing list archives
stream4
From: "Steven Rudolph" <srudolph () iocenter net>
Date: Thu, 10 Apr 2003 11:53:05 -0400
Is it possible to ignore hosts in the stream 4 plug-in. I have some load balancers that send out traffic that alerts very frequently on this. I really do not want to log this traffic. Here is an example alert: [**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**] 04/10-11:46:11.071796 aaa.bbb.131.12:1050 -> aaa.bbb.135.123:80 TCP TTL:62 TOS:0x0 ID:5451 IpLen:20 DgmLen:40 DF 1****R** Seq: 0x462F0BD0 Ack: 0x0 Win: 0x0 TcpLen: 20 Steve Rudolph, CCSA, CCSE Network Security Engineer Internet Operations Center
Attachment:
smime.p7s
Description:
Current thread:
- stream4 Steven Rudolph (Apr 10)
- Re: stream4 Erek Adams (Apr 10)
- Re: stream4 Chris Green (Apr 10)
- Re: stream4 Erek Adams (Apr 10)