Snort mailing list archives

Re: how to stop these UDP TCP alerts?


From: jlarsson () altavoz net
Date: Wed, 24 Sep 2003 15:26:13 -0400 (CLT)

Do you mean this section...?  What I mean is that I don't understand what these
options do and what their explanations mean.
 
/Johan 
 
# Configure the snort decoder: 
# ============================ 
# 
# Stop generic decode events: 
# 
# config disable_decode_alerts 
# 
# Stop Alerts on experimental TCP options 
# 
config disable_tcpopt_experimental_alerts 
# 
# Stop Alerts on obsolete TCP options 
# 
config disable_tcpopt_obsolete_alerts 
# 
# Stop Alerts on T/TCP alerts 
# 
config disable_ttcp_alerts 
# 
# Stop Alerts on all other TCPOption type events: 
# 
# config disable_tcpopt_alerts 
# 
# Stop Alerts on invalid ip options 
# 
config disable_ipopt_alerts 
 
 
Quoting Erek Adams <erek () snort org>: 
 
> On Wed, 24 Sep 2003, jlarsson () altavoz net wrote:
>
> > I have scanned through mailing lists looking for which "false alerts"
> > these TCP checks will stop.  I get the following messages in my alert file:
> >
> > (snort_decoder): Short UDP packet, length field > payload length
> > (snort_decoder) WARNING: TCP Header length exceeds packet length!
> > (snort_decoder): Truncated Tcp Options
> >
> > Where can I find an explanation of what these mean: "Stop generic
> > decode event", "Stop alerts on experimental TCP options", etc.
>
> Have a look in snort.conf.  There's a whole section that deals with those
> types of alerts!  :)
>
> -----
> Erek Adams
>
>    "When things get weird, the weird turn pro."   H.S. Thompson
 


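Added example, not part of the original message and not Snort's decoder source: a sketch of the header sanity checks that the three alert messages quoted in the thread describe, read from the wording of the messages. The function names, the labels marked as made up, and the sample byte strings are constructed for illustration.

```python
import struct

UDP_SHORT = "Short UDP packet, length field > payload length"
TCP_HLEN = "TCP Header length exceeds packet length"
TCP_TRUNC = "Truncated Tcp Options"

def check_udp(seg: bytes) -> list:
    """seg: UDP header plus payload as captured, IP header already stripped."""
    if len(seg) < 8:
        return ["UDP header incomplete (label made up for this example)"]
    _sport, _dport, length, _csum = struct.unpack("!HHHH", seg[:8])
    # The length field counts header + data; it cannot exceed what arrived.
    return [UDP_SHORT] if length > len(seg) else []

def check_tcp(seg: bytes) -> list:
    """seg: TCP header plus payload as captured, IP header already stripped."""
    if len(seg) < 20:
        return ["TCP header incomplete (label made up for this example)"]
    hlen = (seg[12] >> 4) * 4              # data offset is in 32-bit words
    if hlen < 20:
        return ["TCP data offset too small (label made up for this example)"]
    if hlen > len(seg):
        return [TCP_HLEN]
    opts, i = seg[20:hlen], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation: one byte, no length
            i += 1
            continue
        # Any other option is kind, length, data; length covers all three.
        # A missing or sub-2 length is folded into the same result for brevity.
        olen = opts[i + 1] if i + 1 < len(opts) else 0
        if olen < 2 or i + olen > len(opts):
            return [TCP_TRUNC]
        i += olen
    return []

def tcp_header(data_offset: int, options: bytes = b"") -> bytes:
    """Constructed sample header: SYN from port 1024 to port 80."""
    return struct.pack("!HHIIBBHHH", 1024, 80, 0, 0,
                       data_offset << 4, 0x02, 8192, 0, 0) + options

# Constructed samples, not captured traffic.
UDP_OK_PKT = struct.pack("!HHHH", 1024, 53, 12, 0) + b"\x00" * 4
UDP_BAD_PKT = struct.pack("!HHHH", 1024, 53, 40, 0) + b"\x00" * 4  # claims 40, has 12
TCP_OK_PKT = tcp_header(6, b"\x02\x04\x05\xb4")      # MSS option, length 4
TCP_HLEN_PKT = tcp_header(15)                        # claims 60-byte header, has 20
TCP_TRUNC_PKT = tcp_header(6, b"\x02\x08\x05\xb4")   # option claims 8 bytes, 4 present
```

Packets cut short by a capture snap length or damaged in transit can fail these same checks, which is one reason such alerts show up on otherwise benign traffic.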