Same source/dest

[Keg <snrtlst () netscape net>]

I have disable 'bad traffic same src/dst' in bad-traffic rules but I 
just want to check with you my thoughts on that.
I was receiving a lot of those on port 25 for public ip and dmz ip of my 
mail server. My guess at this poitn is that the snort rule is triggered 
because each time mail is received or even ident lookup is done the 
traffic is passed between NATed ip and source ip of the mail sevrer, 
this in turn triggers the rule. That's why I disabled it (I was having 
new entry each second in Acid, you can guess how fast the database will 
be populated with those errors)
I just want to hear your opinion on that.....probably I shouldn't have 
done that?
--
Your favorite stores, helpful shopping tools and great gift ideas. 
Experience the convenience of buying online with Shop@Netscape! 
http://shopnow.netscape.com/



-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users