RE: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"

["Mike Kelley" <mikek () m-v-t com>]

Are you suggesting I uncomment these one at a time until I find which
one works?


Mike 
-----Original Message-----
From: Jeff Kell [mailto:jeff-kell () utc edu] 
Sent: Monday, October 17, 2005 3:03 PM
To: Mike Kelley
Subject: Re: [Snort-users] Can't suppress "(snort decoder) Bad Traffic
Same Src/Dst IP"

Mike Kelley wrote:
> I have read and re-read those pages on the manual ... I find nothing
in
> the config <DIRECTIVES> area of the snort manual that hints it would
> help me suppress this traffic (system wide let alone for 2 IP's) ....
> help a blind PHB (<== Dilbertism) to see

You need one or more of these:

> # 
> # Stop generic decode events:
> # 
> # config disable_decode_alerts 
> #
> # Stop Alerts on experimental TCP options
> #
> config disable_tcpopt_experimental_alerts
> # 
> # Stop Alerts on obsolete TCP options
> #
> # config disable_tcpopt_obsolete_alerts
> #
> # Stop Alerts on T/TCP alerts
> # 
> # config disable_ttcp_alerts
> # 
> # Stop Alerts on all other TCPOption type events:
> # 
> # config disable_tcpopt_alerts
> #
> # Stop Alerts on invalid ip options
> # 
> # config disable_ipopt_alerts

Jeff



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users