Snort mailing list archives
Re: CyberKit 2.2 Ping, its driven me Nuts..
From: Bryan Irvine <bryan.irvine () kingcountyjournal com>
Date: Mon, 29 Dec 2003 09:49:14 -0800
I was getting in the neighborhood of 80,000 false positives a day. It almost crippled the database server. And caused _a lot_ of traffic just to report. ACID was completely useless.

My setup looks like this.

net1---\                                     /---net5
        \                                   /
net2--\  \                                 /  /--net6
       ----snort-----DB/ACID-----snort----
net3--/  /                                 \  \--net7
        /                                   \
net4--/                                       \---net8

Commenting it out _was_ adapting for me. :-)

--Bryan

On Mon, 2003-12-29 at 09:21, Erwin Van de Velde wrote:
> Hi,
>
> Commenting it out will make you blind to internal infections!!!
> I don't think it is good to comment it out, just adapt it if you really
> want to get rid of the alerts. Otherwise: filtering afterwards on the
> alerts themselves. This way you will keep statistical information on virus
> activity, which can be nice to show your boss :-)
> It's also a good thing to keep an eye on general internet activity, and
> commenting all those nasty alerts out isn't the way to do that.
>
> Greetings,
> Erwin Van de Velde
> Student of Antwerp University
> Belgium
>
> On Monday 29 December 2003 17:51, Bryan Irvine wrote:
> > I commented that rule out.
> >
> > On Mon, 2003-12-29 at 10:51, Chris N wrote:
> > > Fellow Snorters,
> > >
> > > Ok, I have had enough of this "CyberKit 2.2 Ping." How are some of
> > > you guys dealing with it? Do you just ignore (pass), log every one,
> > > or go and try to shut the offending hosts down? Although, trying to
> > > shut down all the offending hosts could be a daunting task, since
> > > there are so damn many.
> > >
> > > Chris
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: IBM Linux Tutorials.
> > > Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
> > > Free Linux Tutorials. Learn everything from the bash shell to sys admin.
> > > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
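The "filter afterwards on the alerts" approach suggested in the quoted reply, as an added example that is not part of the original thread: it takes Snort fast-format alert lines, moves the CyberKit 2.2 alerts out of the main stream, and keeps per-source counts so internal sources stay visible. The `HOME_NET` range, the function names and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert line: time [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^\S+\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+[\d.]+(?::\d+)?\s*$"
)
NOISY_MSG = "CyberKit 2.2"                      # alert named in the thread
HOME_NET = ipaddress.ip_network("10.0.0.0/8")   # assumption: internal range

# Constructed sample alerts (not taken from the thread).
SAMPLE = """\
12/29-09:21:03.100001  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 10.0.1.5
12/29-09:21:03.200002  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.1.23 -> 10.0.2.1
12/29-09:21:03.300003  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.1.23 -> 10.0.2.2
12/29-09:21:04.000001  [**] [1:1000001:1] LOCAL example rule [**] [Priority: 2] {TCP} 203.0.113.9:4431 -> 10.0.1.5:80
12/29-09:21:05.000001  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 10.0.1.5
this line is truncated garbage
"""

def split_alerts(lines, noisy=NOISY_MSG):
    """Return (kept_lines, noisy_counts_by_source, unparsed_lines)."""
    kept, unparsed, counts = [], [], Counter()
    for line in (l.rstrip("\n") for l in lines):
        if not line.strip():
            continue
        m = ALERT_RE.match(line)
        try:
            src = str(ipaddress.ip_address(m.group("src"))) if m else None
        except ValueError:
            src = None
        if src is None:
            unparsed.append(line)      # never silently drop unclassified input
        elif noisy in m.group("msg"):
            counts[src] += 1           # filtered from view, but still counted
        else:
            kept.append(line)
    return kept, counts, unparsed

def internal_sources(counts, home_net=HOME_NET):
    """Noisy-alert sources inside home_net, busiest first."""
    hits = [(ip, n) for ip, n in counts.items()
            if ipaddress.ip_address(ip) in home_net]
    return sorted(hits, key=lambda t: (-t[1], t[0]))

if __name__ == "__main__":
    kept, counts, bad = split_alerts(SAMPLE.splitlines())
    print(len(kept), "kept;", sum(counts.values()), "filtered;", len(bad), "unparsed")
    print("internal sources:", internal_sources(counts))
```
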
Current thread:
- CyberKit 2.2 Ping, its driven me Nuts.. Chris N (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Roberto Suarez Soto (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Erwin Van de Velde (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Bryan Irvine (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Erwin Van de Velde (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Erwin Van de Velde (Dec 29)
- RE: CyberKit 2.2 Ping, its driven me Nuts.. Michael Steele (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Bryan Irvine (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Erwin Van de Velde (Dec 29)
- SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Chris N (Dec 31)
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Jeff Kell (Dec 31)
- <Possible follow-ups>
- RE: CyberKit 2.2 Ping, its driven me Nuts.. CMartin (Dec 29)
- RE: CyberKit 2.2 Ping, its driven me Nuts.. Bryan Irvine (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. dlbox (Dec 29)
- RE: CyberKit 2.2 Ping, its driven me Nuts.. Thompson, Jimi (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Matthew L. McCarty (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Alexander Hampel (Dec 29)
- RE: CyberKit 2.2 Ping, its driven me Nuts.. CGhercoias (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. lindsay . hunt (Dec 30)