Snort mailing list archives

Re: How can I configure ssh preprocessor??

From: Olaf Schreck <chakl () syscall de>
Date: Wed, 30 Mar 2011 18:27:12 +0200

Seems I spoke up too soon, fewer alerts but still coming.

I have reverted my "autodetect" change and and now use suppression like 
this:

---- snip threshold.conf ----
# suppress "ssh: Protocol mismatch" from XXXXX (putty?)
suppress gen_id 128, sig_id 4, track by_src, ip X.X.X.X
----

Which finally *does* solve the issue.


ciao,
chakl

------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

How can I configure ssh preprocessor?? carlopmart (Mar 30)
- Re: How can I configure ssh preprocessor?? carlopmart (Mar 30)
- Re: How can I configure ssh preprocessor?? Olaf Schreck (Mar 30)
  - Re: How can I configure ssh preprocessor?? carlopmart (Mar 30)
    - Re: How can I configure ssh preprocessor?? Olaf Schreck (Mar 30)
  - Re: How can I configure ssh preprocessor?? Olaf Schreck (Mar 30)