Snort mailing list archives

Re: Suppressing the SCAN UPnP service alerts


From: Avery Rozar <Avery.Rozar () i-techsupport com>
Date: Wed, 25 Jun 2014 10:52:10 +0000

Look at suppression in the threshold.conf file.

For example:

suppress gen_id 1, sig_id 1917

# or suppress by sig_id and src host
suppress gen_id 1, sig_id 1917, track by_src, ip x.x.x.x

From: basant subba <basantsubba () gmail com>
Date: Wednesday, June 25, 2014 at 2:14 AM
To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Subject: [Snort-users] Suppressing the SCAN UPnP service alerts

When I run Snort, I get a lot of "SCAN UPnP service discover attempt" alerts with SID 1917. How do I suppress this 
alert? Which .rules file contains the signature corresponding to this alarm? Also, is it something I should keep track 
of?
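
Added example (not part of the original messages and not Snort project code): a small Python model of the two suppress forms shown above, showing that an entry without track/ip hides the alert for every host while a track by_src entry hides it only for the listed source, plus a lookup of which rules file carries a given SID. The rule text, file name and addresses are constructed placeholders, and the parser assumes one address or CIDR per entry.

```python
import ipaddress
import re

# Constructed sample data (not from the thread); file name and addresses are placeholders.
RULES = {"example.rules":
    'alert udp any any -> any 1900 (msg:"SCAN UPnP service discover attempt"; sid:1917; rev:1;)\n'
    'alert tcp any any -> any 80 (msg:"EXAMPLE other rule"; sid:1000001; rev:1;)\n'}
THRESHOLD_CONF = """\
# suppress SID 1917 only for one noisy internal host
suppress gen_id 1, sig_id 1917, track by_src, ip 192.0.2.10
"""

def find_rule(rules, sid):
    """Return (file name, msg) of the enabled text rule carrying this sid, or None."""
    pat = re.compile(r'msg:"([^"]*)".*?\bsid:\s*%d\s*;' % sid)
    for name, text in rules.items():
        for line in text.splitlines():
            m = pat.search(line)
            if m and not line.lstrip().startswith("#"):
                return name, m.group(1)
    return None

def parse_suppress(conf):
    """Parse 'suppress' lines into dicts; track and net are None for a global entry."""
    entries = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("suppress "):
            continue
        opts = dict(part.split(None, 1) for part in line[len("suppress "):].split(","))
        net = ipaddress.ip_network(opts["ip"].strip(), strict=False) if "ip" in opts else None
        entries.append({"gid": int(opts["gen_id"]), "sid": int(opts["sig_id"]),
                        "track": opts.get("track", "").strip() or None, "net": net})
    return entries

def is_suppressed(entries, gid, sid, src, dst):
    """True if any entry hides an alert with this gid/sid and these endpoints."""
    for e in entries:
        if (e["gid"], e["sid"]) != (gid, sid):
            continue
        if e["track"] is None:
            return True  # no track/ip: the alert is hidden for every host
        addr = ipaddress.ip_address(src if e["track"] == "by_src" else dst)
        if addr in e["net"]:
            return True
    return False
```

Running is_suppressed over a sample of recent alerts before and after a threshold.conf change shows how much visibility a new suppress entry removes.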
