Snort mailing list archives
Re: Network kernels params recommendations for snort_inline with nfqueue
From: "Will Metcalf" <william.metcalf () gmail com>
Date: Wed, 9 Jul 2008 19:10:16 -0500
Victor's recommendations are fine....

Add the following to the top of your iptables script, you shouldn't be sending loopback traffic to snort_inline

iptables -A INPUT -i lo -j ACCEPT

On 7/4/08, carlopmart <carlopmart () gmail com> wrote:
Hi all,

Finally I have a snort_inline 2.8.2.1 sensor with nfqueue support installed on my laptop and integrated with ossec ... But I have two questions:

- Some recommendations about kernel params like Victor Julien published in his blog: http://www.inliniac.net/blog/2008/01/23/improving-snort_inlines-nfq-performance.html ??

- And a functionality question: sometimes entries like this appear in snort's alert log:

[**] [116:150:1] (snort decoder) Bad Traffic Loopback IP [**]
[Priority: 3]
07/04-17:44:56.578830 127.0.0.1:55363 -> 127.0.0.1:25
TCP TTL:240 TOS:0x10 ID:0 IpLen:20 DgmLen:46
***AP*** Seq: 0x2CB755E Ack: 0x339A7A9 Win: 0x8480 TcpLen: 20

This alert is related to my postfix local smtp server ... How can I disable this type of alert (only for 127.0.0.1 ip)??

Many thanks to all ...

--
CL Martinez
carlopmart {at} gmail {d0t} com

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
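An added example, not part of the original posts or of snort_inline: a shell check that the loopback ACCEPT rule recommended in the reply sits ahead of the NFQUEUE rule, reading `iptables -S` output from stdin. The function name and the sample rulesets are constructed for illustration, and the form of the NFQUEUE rule is an assumption, since the thread does not show the poster's iptables script.

```shell
#!/bin/sh
# Added example: verify rule order in `iptables -S` output read from stdin.
# Returns 0 only when loopback traffic cannot reach an NFQUEUE rule in the chain.
# On a live host (as root): iptables -S | lo_bypasses_nfqueue INPUT

lo_bypasses_nfqueue() {
    chain=$1
    awk -v chain="$chain" '
        $1 != "-A" || $2 != chain { next }      # only rules appended to this chain
        {
            rule = $0
            sub(/^-A [^ ]+ /, "", rule)         # strip the "-A CHAIN " prefix
        }
        # An unconditional loopback accept counts only if no queue rule came first.
        rule == "-i lo -j ACCEPT" && !queued { lo_first = 1 }
        / -j NFQUEUE( |$)/ && !queued { queued = 1; queue_rule = $0 }
        END {
            if (!queued)  { print "ok: no NFQUEUE rule in " chain; exit 0 }
            if (lo_first) { print "ok: loopback accepted before: " queue_rule; exit 0 }
            print "bad: loopback reaches: " queue_rule
            exit 1
        }'
}

# Constructed sample rulesets (assumed rule forms, not taken from the thread).
RULES_BAD='-P INPUT ACCEPT
-A INPUT -j NFQUEUE --queue-num 0'

RULES_GOOD='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j NFQUEUE --queue-num 0'

# Loopback rule present but appended after the queue rule: it never matches.
RULES_LATE='-P INPUT ACCEPT
-A INPUT -j NFQUEUE --queue-num 0
-A INPUT -i lo -j ACCEPT'

printf '%s\n' "$RULES_GOOD" | lo_bypasses_nfqueue INPUT
printf '%s\n' "$RULES_BAD"  | lo_bypasses_nfqueue INPUT || true
printf '%s\n' "$RULES_LATE" | lo_bypasses_nfqueue INPUT || true
```

The third ruleset shows why the reply says to put the rule at the top of the script: the same `-i lo -j ACCEPT` line appended after the queue rule leaves 127.0.0.1 traffic going to snort_inline.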