Snort mailing list archives

how to fast locate the rule by the alert?


From: Lin.Zhong () Dartmouth EDU (Lin Zhong)
Date: 15 Mar 2004 18:30:17 EST

I am trying to block some of the alerts when using snort as an IDS. Do you know how I can locate the rules for that specific alert?

Because I use snort to read the header, it creates a lot of unwanted alerts

like 

[**] [116:97:1] (snort_decoder): Short UDP packet, length field > payload length [**]
[Priority: 0] 
12/12-21:00:02.815941 129.170.16.4:0 -> 129.170.47.15:0
UDP TTL:62 TOS:0x0 ID:53952 IpLen:20 DgmLen:176
Len: 148

Do you know how I can get rid of them? 

Thanks,

