Snort mailing list archives

Re: [Snort-Users] BAD-TRAFFIC small or zero-sized tcp window


From: Kevin Ross <kevross33 () googlemail com>
Date: Wed, 26 Oct 2011 15:25:33 +0100

You can either use threshold.conf to suppress it or remove the
detect_anomalies (or whatever it is) from the stream5 configuration in your
snort.conf (it will be in the tcp line, you will spot it). Read the Snort
manual or stream5 if you want to make sure you remove it correctly so stream5
is the same (basically if it is like option, option, option, remove option
, to make sure you don't get ,, or something silly).


suppress gen_id 1, sig_id 1839006, track by_src, ip 194.189.116.0/23

On 26 October 2011 15:19, Anton Zaytsev <anton.zajtsev () gmail com> wrote:

Hello,

I have plenty of these messages during torrent downloading.
The system is CentOS 5 and the client is rtorrent.
Snort signature information <http://rootedyour.com/snortsid?sid=3:15912> says
that
"This event is generated when an attempt is made to exploit a known
vulnerability in Microsoft Windows"
and
"False Positives: None known."

Please tell me how I can get rid of them.

Anton
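
The edit described in the reply above (dropping one option from the comma-separated stream5 tcp line without leaving a stray or doubled comma), as an added example that is not part of the original post. The function name and the sample snort.conf text are constructed for illustration, and the code assumes option values themselves contain no commas.

```python
import re

# Constructed sample config (not from the thread): the tcp line uses a
# backslash continuation, as snort.conf lines often do.
SAMPLE_CONF = """\
preprocessor stream5_global: track_tcp yes, track_udp yes
preprocessor stream5_tcp: policy first, detect_anomalies, \\
    require_3whs 180, timeout 180
preprocessor stream5_udp: timeout 180
"""


def remove_preproc_option(conf, preproc, option):
    """Return conf with `option` dropped from each `preprocessor <preproc>:` line.

    Hypothetical helper. Lines that do not change keep their original layout;
    a changed line is re-emitted as one physical line with a clean comma list.
    """
    head = re.compile(r"^(\s*preprocessor\s+" + re.escape(preproc) + r"\s*:)(.*)$")
    lines, out, i = conf.splitlines(), [], 0
    while i < len(lines):
        # Collect the physical lines that make up one logical line.
        parts = [lines[i]]
        while parts[-1].rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            parts.append(lines[i])
        i += 1
        logical = " ".join(p.rstrip().rstrip("\\").strip() for p in parts)
        m = head.match(logical)
        if not m:
            out.extend(parts)  # another directive or a comment: leave as-is
            continue
        # Split into options; empty entries (from ",,") are discarded.
        opts = [o.strip() for o in m.group(2).split(",") if o.strip()]
        kept = [o for o in opts if o.split()[0] != option]
        if len(kept) == len(opts):
            out.extend(parts)  # option not present: keep original formatting
            continue
        out.append((m.group(1) + " " + ", ".join(kept)).rstrip())
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(remove_preproc_option(SAMPLE_CONF, "stream5_tcp", "detect_anomalies"))
```

Write the result to a copy of snort.conf and validate it with Snort's test mode (`snort -T -c <file>`) before restarting the sensor.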
