Snort mailing list archives
Re: [Snort-Users] BAD-TRAFFIC small or zero-sized tcp window
From: Kevin Ross <kevross33 () googlemail com>
Date: Wed, 26 Oct 2011 15:25:33 +0100
You can either use threshold.conf to supress it or remove the detect_anomalies (or whatever it is) from stream5 configuration in your snort.conf (it will be in the tcp line, you will spot it. Read the snort manual or stream5 if you want to make sure you remove it correctly so stream 5 is the same (basically if it is like option, option option, remove option , to make sure you don't get ,, or something silly). suppress gen_id 1, sig_id 1839006, track by_src, ip 194.189.116.0/23 On 26 October 2011 15:19, Anton Zaytsev <anton.zajtsev () gmail com> wrote:
Hello, I have plenty of this messages during torrent downloading. System is Centos5 and client rtorrent. Snort signature information <http://rootedyour.com/snortsid?sid=3:15912> says that "This event is generated when an attempt is made to exploit a known vulnerability in Microsoft Windows" and "False Positives: None known." Tell please, how can I get rid of them. Anton -- To post to this group, send email to snortusers () googlegroups com Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: [Snort-Users] BAD-TRAFFIC small or zero-sized tcp window Kevin Ross (Oct 26)
- Message not available
- Re: [Snort-Users] BAD-TRAFFIC small or zero-sized tcp window Kevin Ross (Oct 26)
- Message not available