Snort mailing list archives

Previous By Date Next
Previous By Thread Next

False positives/Oink Code/Oinkmaster vs Pulled Pork?

From: PR <oly562 () gmail com>
Date: Thu, 06 Sep 2012 09:35:07 -0700
Hello,

I installed acidbase, snort-mysql, today. it's up and running, however I
still get this activity.

 #23-(1-2)
[snort]COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
 2012-09-06
  08:37:33
91.189.91.13:80
192.168.1.15:49977
    TCP

sorry about the formating, cut/paste.


i was advised to mv from 2800 to 2900. So i did yet still i get this
"message flooding alert. it's annoying, how to go about tuning and
turning off this alert.

ALSO, i would like the rules to be updated, and i do have oink code, but
it's listed oddly on snort.org. I don't know which one to use, nor how
to use pulled pork, or oinkmaster so forth. What is the best link for
this info, and what are the simple steps i need to take to get rules
updating with oink code:

(removed the last few digits for security purposes
Oinkcode
      * 6d31c34a34b8e7d8a42751d16b50e3dda634xxxx
      * 6d31c34a34b8e7d8a42751d16b50e3dda634xxxx
      * 6d31c34a34b8e7d8a42751d16b50e3dda634xxxx
      * 3b0c3089435a4ca349130adeae083ef3c1a5xxxx

Which Code works for sure? the first or last? I do not remember which is
newest. the first 3 are the same by the way.


here is my version of snort.

snort -V

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.2 IPv6 GRE (Build 78) 
   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2011 Sourcefire, Inc., et al.
           Using libpcap version 1.1.1
           Using PCRE version: 8.12 2011-01-15
           Using ZLIB version: 1.2.3.4


i look forward to your replies. thanks!

Oly aka pete


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: