Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: snort and clarckconnect gatway

From: "Chris Vaughan" <chrisv () parkavebank com>
Date: Thu, 24 Feb 2005 09:30:30 -0500
Add a suppress entry in your threshold.conf

That's the correct way.
 

 -----Original Message-----
From:   snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]  On Behalf Of 
Thomas Debost
Sent:   Thursday, February 24, 2005 9:14 AM
To:     snort-users () lists sourceforge net
Subject:        [Snort-users] snort and clarckconnect gatway

hi,

Snort pinpointed a weird (i think) behaviour.

My CC gateway periodically pings my ADSL router. this small network being
obviously considered as outside, snort raises an alert for each ICMP
packet. This is quite annoying as it is basically false alarm (isn't it?).

multiple solutions now:

1. add the network composed of the router and the external gateway to the
HOME_NETWORK.

2. comment out the correct signatures in /et/snort/icmp-info.rules.

3. block ICMP packets between the router and the gateway.

which one would be your favourite ?



Thanks

Tomdeb


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: