Snort mailing list archives
Re: Suppressing the SCAN UPnP service alerts
From: basant subba <basantsubba () gmail com>
Date: Wed, 25 Jun 2014 16:51:53 +0530
Thanks Joel that worked.

On Wed, Jun 25, 2014 at 4:46 PM, basant subba <basantsubba () gmail com> wrote:

> Thank You Avery for that information, but the problem with this solution is that it only suppresses the threats with matching source and destination IP address. I still get these alerts where the source and destination addresses are MAC addresses instead of IP addresses. It would be helpful if someone could tell me which .rules file contains the signature for this alarm, so that I can disable it manually.
>
> On Wed, Jun 25, 2014 at 4:22 PM, Avery Rozar <Avery.Rozar () i-techsupport com> wrote:
>
>> Look at suppression in the threshold.conf file. For example:
>>
>>     suppress gen_id 1, sig_id 1917
>>     # or suppress by sig_id and src host
>>     suppress gen_id 1, sig_id 1917, track by_src, ip x.x.x.x
>>
>> From: basant subba <basantsubba () gmail com>
>> Date: Wednesday, June 25, 2014 at 2:14 AM
>> To: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
>> Subject: [Snort-users] Suppressing the SCAN UPnP service alerts
>>
>> When I run snort, I get a lot of "SCAN UPnP service discover attempt" alerts with SID 1917. How do I suppress this alert? Which .rules file contains the signature corresponding to this alarm? Also, is it something I should keep track of?
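Added example, not part of any message in this thread: one way to find which .rules file carries a given SID and to comment that rule out, as asked above. The directory, file names and sample rules are constructed for the demonstration; point the functions at your own rules directory.

```shell
#!/bin/sh
# Added example (not from the thread): find which .rules file carries a SID,
# then comment the rule out. Paths and sample rules below are constructed.

# Print file:line:rule for every rule in DIR/*.rules with exactly sid:SID.
# Requiring ";" after the number keeps 1917 from matching 19170.
find_sid() {
    grep -nE "sid:[[:space:]]*$2[[:space:]]*;" "$1"/*.rules /dev/null
}

# Number of matching rules that are still active (not commented out).
active_count() {
    find_sid "$1" "$2" | grep -vcE '^[^:]*:[0-9]+:[[:space:]]*#' || true
}

# Comment out every active rule with that SID; commented lines stay untouched.
disable_sid() {
    for f in "$1"/*.rules; do
        [ -f "$f" ] || continue
        sed -E "/^[[:space:]]*#/!s/^(.*sid:[[:space:]]*$2[[:space:]]*;.*)\$/# \1/" \
            "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# Constructed rules directory standing in for the real Snort rules path.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/sample-a.rules" <<'EOF'
alert udp any any -> any 1900 (msg:"SCAN UPnP service discover attempt"; content:"M-SEARCH "; sid:1917; rev:6;)
alert tcp any any -> any 80 (msg:"constructed neighbour"; sid:19170; rev:1;)
EOF
    cat > "$d/sample-b.rules" <<'EOF'
# alert udp any any -> any 1900 (msg:"constructed, already disabled"; sid: 1917 ; rev:1;)
EOF
    echo "$d"
}

demo=$(make_sample)
find_sid "$demo" 1917          # lists both files; only sample-a is active
disable_sid "$demo" 1917
echo "active rules left: $(active_count "$demo" 1917)"
rm -rf "$demo"
```

Unlike a suppress line in threshold.conf, commenting the rule out stops Snort from evaluating it at all, and a later rule update may restore it.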
Current thread:
- Suppressing the SCAN UPnP service alerts basant subba (Jun 24)
- Re: Suppressing the SCAN UPnP service alerts Avery Rozar (Jun 25)
- Re: Suppressing the SCAN UPnP service alerts basant subba (Jun 25)
- Re: Suppressing the SCAN UPnP service alerts basant subba (Jun 25)
- Re: Suppressing the SCAN UPnP service alerts basant subba (Jun 25)
- Re: Suppressing the SCAN UPnP service alerts Joel Esler (jesler) (Jun 25)
- Re: Suppressing the SCAN UPnP service alerts waldo kitty (Jun 25)
- Re: Suppressing the SCAN UPnP service alerts basant subba (Jun 25)
- Re: Suppressing the SCAN UPnP service alerts Avery Rozar (Jun 25)