Snort mailing list archives

Rule Suppression Bug


From: sekure <sekure () gmail com>
Date: Tue, 13 Jul 2004 10:33:27 -0400

I am not 100% sure that what I am seeing is a bug, perhaps someone can
correlate.

I am running Snort 2.1.3 and I was suppressing sig_id 1417 "SNMP
request udp".  Most of the time, this alert would be suppressed.
However, due to the new functionality added in 2.1.3 where one packet
can generate more than one alert, whenever rule 1892 "SNMP null
community string attempt" is triggered, 1417 is triggered as well,
EVEN THOUGH it is supposed to be suppressed.  Is this intentional or a
problem with some logic flow?

-g-
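
A check for the behaviour reported above, as an added example that is not part of the original post: it reads `suppress` entries and reports any suppressed SID that still appears in a fast-format alert log, together with the other SIDs raised on the same packet. The config and alert lines are constructed samples, and treating alerts with the same timestamp, protocol and endpoints as one packet is an assumption.

```python
import re
from collections import defaultdict

# Constructed threshold.conf content (Snort 2.x suppress syntax).
THRESHOLD_CONF = """\
suppress gen_id 1, sig_id 1417
"""

# Constructed fast-alert lines; timestamps, addresses and revisions are made up.
ALERTS = """\
07/13-10:31:02.100001  [**] [1:1892:3] SNMP null community string attempt [**] [Priority: 2] {UDP} 192.0.2.10:1031 -> 192.0.2.20:161
07/13-10:31:02.100001  [**] [1:1417:2] SNMP request udp [**] [Priority: 2] {UDP} 192.0.2.10:1031 -> 192.0.2.20:161
07/13-10:32:40.554210  [**] [1:1411:3] SNMP public access udp [**] [Priority: 2] {UDP} 192.0.2.11:1044 -> 192.0.2.20:161
"""

SUPPRESS_RE = re.compile(r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)\s*(,.*)?$")
ALERT_RE = re.compile(r"^(\S+)\s+\[\*\*\]\s+\[(\d+):(\d+):\d+\].*\{(\w+)\}\s+(\S+)\s+->\s+(\S+)")

def suppressed_ids(conf_text):
    # Only unconditional entries; "track by_src/by_dst" suppressions depend on the IP.
    ids = set()
    for line in conf_text.splitlines():
        m = SUPPRESS_RE.match(line.split("#", 1)[0])
        if m and not m.group(3):
            ids.add((int(m.group(1)), int(m.group(2))))
    return ids

def find_leaks(conf_text, alert_text):
    # Returns (sid, timestamp, other sids on the same packet) per leaked alert.
    suppressed = suppressed_ids(conf_text)
    by_packet = defaultdict(list)
    for line in alert_text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            ts, gid, sid, proto, src, dst = m.groups()
            by_packet[(ts, proto, src, dst)].append((int(gid), int(sid)))
    leaks = []
    for (ts, *_), ids in by_packet.items():
        for gid_sid in ids:
            if gid_sid in suppressed:
                leaks.append((gid_sid[1], ts, sorted(s for g, s in ids if (g, s) != gid_sid)))
    return leaks

if __name__ == "__main__":
    for sid, ts, others in find_leaks(THRESHOLD_CONF, ALERTS):
        print(f"suppressed sid {sid} logged at {ts}; same-packet sids: {others}")
```
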



