Snort mailing list archives

RE: Strange Alerts

From: "Allen, Garrett" <Garrett.Allen () ser com>
Date: Wed, 23 Apr 2003 13:39:19 -0400

took me about 40 minutes last nite.  i'm a slow typer and i edited the
snort.conf file manually.
 
hih.
 
cheers

-----Original Message-----
From: David Alonso De La Vega Tapage [mailto:delavegad () bancoaliado com]
Sent: Wednesday, April 23, 2003 1:28 PM
To: Erek Adams
Cc: Artur Bittencourt; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Strange Alerts


Hi all ..  

aprox how much time to get snort-mysql-2.0.0.rpm .. ?   only curios ..  I'm
already have my 1.9.1  function .. !

Erek Adams wrote:


On Wed, 23 Apr 2003, Artur Bittencourt wrote:



  

         I have the same situation here. After I?ve upgraded to Snort 2.0.0

I?ve got a lot of alerts (more than 191000) with "(snort_decoder): T/TCP

Detected" on my e-mail server. How do I turn this rule off ?

    



Did you upgrade your snort.conf?  If not, you need to.



Then have a look in it.  Up near the top, you'll see something like:



  # Configure the snort decoder:

  # ============================

  #

  # Stop generic decode events:

  #

  # config: disable_decode_alerts

  #

  # Stop Alerts on experimental TCP options

  #

  # config: disable_tcpopt_experimental_alerts

  #

  # Stop Alerts on obsolete TCP options

  #

  # config: disable_tcpopt_obsolete_alerts

  #

  # Stop Alerts on T/TCP alerts

  #

  # config: disable_ttcp_alerts

  #

  # Stop Alerts on all other TCPOption type events:

  #

  # config: disable_tcpopt_alerts

  #

  # Stop Alerts on invalid ip options

  # config: disable_ipopt_alerts





Uncomment the disable_ttcp_alerts line.



-----

Erek Adams



   "When things get weird, the weird turn pro."   H.S. Thompson





-------------------------------------------------------

This sf.net email is sponsored by:ThinkGeek

Welcome to geek heaven.

http://thinkgeek.com/sf <http://thinkgeek.com/sf> 

_______________________________________________

Snort-users mailing list

Snort-users () lists sourceforge net <mailto:Snort-users () lists sourceforge net>


Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users
<https://lists.sourceforge.net/lists/listinfo/snort-users> 

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=ort-users
<http://www.geocrawler.com/redir-sf.php3?list=ort-users> 



  


  _____  


****** Message from InterScan E-Mail VirusWall NT ******



** No virus found in attached file noname.htm



Este correo ha sido revisado y esta libre de virus. Disclaimer

*****************     End of message     ***************

Current thread:

Strange Alerts Brett . Gillett (Apr 23)
- <Possible follow-ups>
- Re: Strange Alerts Neil Dickey (Apr 23)
  - Re: Strange Alerts Artur Bittencourt (Apr 23)
    - Re: Strange Alerts Erek Adams (Apr 23)
    - Re: Strange Alerts David Alonso De La Vega Tapage (Apr 23)
- Re: Strange Alerts Neil Dickey (Apr 23)
- Re: Strange Alerts Brett . Gillett (Apr 23)
- RE: Strange Alerts Allen, Garrett (Apr 23)
- Re: Strange Alerts Brett . Gillett (Apr 23)