Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Disable a rule when another trigger

From: "Nerijus Krukauskas" <nkrukauskas () gmail com>
Date: Thu, 15 Jul 2010 11:56:13 +0300 (EEST)

On Thu, July 15, 2010 11:18, Flavian Dola wrote:

Hi,

Is there a way to tell snort to disable a specific rule when another
rule match a packet?

In fact, I have two rules that generate two different alerts on one frame.
Ideally, I would like to have just only one alert. And I don't want to
disable permanently one of these rules.


I guess, flowbits option is the answer.

-- 
http://nk99.org/



------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: