Re: Snort rules help

[Joel Esler <jesler () sourcefire com>]

Glad you got it figured out.

Joel

9:35 AM, on Jun 8, 2010, wrote:

> Thanks 
>
> i was using the wrong id for the rule thats why it was not working.
>
> Pat
> On Jun 8, 2010, at 9:19 AM, Joel Esler wrote:
>
> > My suggestion is to look into suppression.  Check README.thresholding in the doc/ directory of the Snort tarball
> >
> >
> > 9:07 AM, on Jun 8, 2010, wrote:
> >
> > > Hi all,
> > >
> > > I am getting may false alerts (spp_ssh) Protocol mismatch from 1 machine we use to scan our machines for open 
> > > ports. I have tried everything I can think of so as not too have these alerts show up in BASE. All the alertds come 
> > > from 1 IP Address so is there anything I can do so that they don't get written to the DB.
> >
> > --
> > Joel Esler
> > 302-223-5974
> > Jabber: jesler () sourcefire com
>
> Pat McNamara
> IT Systems Administrator
> .NU domain, Ltd.
> Worldnames, Inc.
> +1-508-359-5600 x116
> pmcnamara () nic nu

--
Joel Esler
302-223-5974
Jabber: jesler () sourcefire com

------------------------------------------------------------------------------
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users