Snort mailing list archives

Re: Suppressing the SCAN UPnP service alerts

From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 25 Jun 2014 11:14:44 +0000

Should be in scan.rules. 

See the first word?  All in caps?  That's the category. Should be in that rule file. 

However, it looks like you are running a very old version of the rules.  You probably will want to update. 

--
Joel Esler
Sent from my iPhone

On Jun 25, 2014, at 2:18, "basant subba" <basantsubba () gmail com> wrote:

When I run snort, I get  a lot of "SCAN UPnP service discover attempt" alerts with SID 1917? How do I suppress this 
alert? Which .rules file contains the signature corresponding to this alarm? Also is it something I should keep track 
of?
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Suppressing the SCAN UPnP service alerts basant subba (Jun 24)
- Re: Suppressing the SCAN UPnP service alerts Avery Rozar (Jun 25)
  - Re: Suppressing the SCAN UPnP service alerts basant subba (Jun 25)
    - Re: Suppressing the SCAN UPnP service alerts basant subba (Jun 25)
- Re: Suppressing the SCAN UPnP service alerts Joel Esler (jesler) (Jun 25)
- Re: Suppressing the SCAN UPnP service alerts waldo kitty (Jun 25)
  - Re: Suppressing the SCAN UPnP service alerts basant subba (Jun 25)