Snort mailing list archives

Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"


From: "Postmaster" <postmaster () dnet net>
Date: Thu, 20 Oct 2005 00:05:27 -0400

Your message was accidentally caught in our SPAM filtering system. We at Dnet internet solutions provide filtered
internet access and it appears that the word deepthroat was in our blocked list. We apologize for any inconveniences.

Postmaster
Dnet.net


----- Original Message ----- 
From: Mike Kelley 
To: snort-users () lists sourceforge net 
Sent: Monday, October 17, 2005 4:27 PM
Subject: SPAM-Phrase [Snort-users] Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"


I have 2 machines for which this traffic is "normal". I have looked for the rule that triggers SPECIFICALLY this alert.
I can't find it; the SID is 1:151 but there is no matching description; this SID points to other alerts (BACKDOOR
D e e p T h r o a t 3.1 Client Sending Data to Server on Network). There is another BAD TRAFFIC alert and I was able to
suppress that one. I was advised on the snort.org forum to upgrade from 2.4.0 to 2.4.1 but I made the jump to 2.4.2 and
I am still getting overloaded with these alerts. I have tried the RTFM approach. I have searched the snort forums and
read through any relevant posts I can find. All to no avail. Any help would be greatly appreciated.

 

Mike K

 
