Snort mailing list archives
Rule Suppression Bug
From: sekure <sekure () gmail com>
Date: Tue, 13 Jul 2004 10:33:27 -0400
I am not 100% sure that what I am seeing is a bug, perhaps someone can correlate. I am running Snort 2.1.3 and I was suppressing sig_id 1417 "SNMP request udp". Most of the time, this alert would be suppressed. However, due to the new functionality added in 2.1.3 where one packet can generate more than one alert, whenever rule 1892 "SNMP null community string attempt" is triggered, 1417 is triggered as well, EVEN THOUGH it is supposed to be suppressed. Is this intentional or a problem with some logic flow?

-g-