Snort mailing list archives
Re: [Newbie] alert definition
From: Erek Adams <erek () snort org>
Date: Thu, 10 Jul 2003 06:48:16 -0400 (EDT)
On Thu, 10 Jul 2003, pingouin osmolateur wrote:
I ve just install snort and i ve a lot of alert NETBIOS NT NULL session RPC portmap proxy attempt UDP RPC portmap UDP proxy attempt I look for information to resolv this alert but i never found Can you help to stop this alert i don't want to use a pass rule
1) Look at the packet that triggered the alert and decide if it was legitimate traffic or a false positive. At this point, you can either disable the rule or use one of the following. 2) Use a pass rule. 3) Use a BPF filter. http://www.theadamsfamily.net/~erek/snort/ignore.txt Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.Net email sponsored by: Parasoft Error proof Web apps, automate testing & more. Download & eval WebKing and get a free book. www.parasoft.com/bulletproofapps _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [Newbie] alert definition pingouin osmolateur (Jul 10)
- Re: [Newbie] alert definition Erek Adams (Jul 10)
- network shutdown on certain alerts Jason K. Boykin (Jul 21)