Snort mailing list archives
Re: Snort rules help
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 8 Jun 2010 09:19:36 -0400
My suggestion is to look into suppression. Check README.thresholding in the doc/ directory of the Snort tarball 9:07 AM, on Jun 8, 2010, wrote:
Hi all, I am getting may false alerts (spp_ssh) Protocol mismatch from 1 machine we use to scan our machines for open ports. I have tried everything I can think of so as not too have these alerts show up in BASE. All the alertds come from 1 IP Address so is there anything I can do so that they don't get written to the DB.
-- Joel Esler 302-223-5974 Jabber: jesler () sourcefire com ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort rules help Pat McNamara (Jun 08)
- Re: Snort rules help Joel Esler (Jun 08)
- Message not available
- Re: Snort rules help Joel Esler (Jun 08)
- Message not available
- Re: Snort rules help Joel Esler (Jun 08)