Snort mailing list archives
Re: Pulledpork doesn't disable some rules
From: JJC <cummingsj () gmail com>
Date: Tue, 15 Apr 2014 12:03:41 -0600
You could also change the flowbits set rule to a noalert

JJC

On Tue, Apr 15, 2014 at 12:28 AM, C. L. Martinez <carlopmart () gmail com> wrote:

> On Mon, Apr 14, 2014 at 5:11 PM, waldo kitty <wkitty42 () windstream net> wrote:
>> On 4/14/2014 3:32 AM, C. L. Martinez wrote:
>>> Cleanup....
>>> removed 55 temporary snort files or directories from /tmp/tha_rules!
>>> Processing /data/config/etc/idpsuricata02/pulledpork/disablesid.conf....
>>> Disabled 1:2009005
>>> Disabled 1:2011582
>>> Modified 2 rules
>>> Done
>>> Setting Flowbit State....
>>> WARN - 1:2011582 is re-enabled by a check of the ET.http.javaclient.vulnerable flowbit!
>>> [...]
>>> Uhmm .. How can I avoid this situation??
>>
>> disable the rules that rely on that flowbit as well as the rule(s) that
>> set it...
>>
>> --
>
> Thanks waldo and YM. After seeing the different possibilities, I am
> using threshold.conf to disable this alert.
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
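The dependency behind the WARN line quoted above, as an added example that is not part of the original message and not PulledPork's own code: it reports which still-enabled rules check a flowbit that a disabled rule sets, and shows the noalert alternative. The rule bodies and SIDs 9000001-9000002 are constructed placeholders; only SID 2011582 and the flowbit name come from the thread.

```python
import re
# Constructed sample rules, not the real ET rule text. Only SID 2011582 and the
# flowbit name come from the thread; SIDs 9000001-9000002 are placeholders.
BIT = "ET.http.javaclient.vulnerable"
RULES = f"""\
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"setter"; flowbits:set,{BIT}; sid:2011582; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"checker A"; flowbits:isset,{BIT}; sid:9000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"checker B"; flowbits:isset,{BIT}; sid:9000002; rev:1;)
"""

FLOWBITS = re.compile(r"flowbits\s*:\s*([^;]+);")
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def parse(text):
    """Map sid -> dict(enabled, sets, checks, line) for every rule line."""
    rules = {}
    for line in text.splitlines():
        sid = SID.search(line)
        if not sid:
            continue
        sets, checks = set(), set()
        for opt in FLOWBITS.findall(line):
            op, _, rest = opt.partition(",")
            # First argument may group bits as a&b or a|b; a group name may follow.
            names = {n.strip() for n in re.split(r"[&|]", rest.split(",")[0]) if n.strip()}
            if op.strip() in ("set", "setx", "toggle"):
                sets |= names
            elif op.strip() in ("isset", "isnotset"):
                checks |= names
        rules[int(sid.group(1))] = dict(enabled=not line.lstrip().startswith("#"),
                                        sets=sets, checks=checks, line=line)
    return rules

def blocked_disables(rules, disabled):
    """For each disabled setter, list the still-enabled rules checking its flowbits."""
    out = {}
    for sid in sorted(disabled & rules.keys()):
        for bit in sorted(rules[sid]["sets"]):
            users = sorted(s for s, r in rules.items() if r["enabled"]
                           and s not in disabled and bit in r["checks"])
            if users:
                out.setdefault(sid, {})[bit] = users
    return out

def add_noalert(line):
    """The noalert alternative: keep the setter enabled so the flowbit is still set, but silent."""
    if re.search(r"flowbits\s*:\s*noalert\s*;", line):
        return line
    return SID.sub(lambda m: "flowbits:noalert; " + m.group(0), line, count=1)
```

An empty result from `blocked_disables` means every rule that checks the flowbit is disabled too, which is the condition waldo kitty's advice describes.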
Current thread:
- Re: Pulledpork doesn't disable some rules C. L. Martinez (Apr 13)
- Re: Pulledpork doesn't disable some rules Y M (Apr 13)
- Re: Pulledpork doesn't disable some rules C. L. Martinez (Apr 14)
- Re: Pulledpork doesn't disable some rules C. L. Martinez (Apr 14)
- Re: Pulledpork doesn't disable some rules Y M (Apr 14)
- Re: Pulledpork doesn't disable some rules C. L. Martinez (Apr 14)
- Re: Pulledpork doesn't disable some rules Y M (Apr 14)
- Re: Pulledpork doesn't disable some rules C. L. Martinez (Apr 14)
- Re: Pulledpork doesn't disable some rules Y M (Apr 13)
- Re: Pulledpork doesn't disable some rules waldo kitty (Apr 14)
- Re: Pulledpork doesn't disable some rules C. L. Martinez (Apr 14)
- Re: Pulledpork doesn't disable some rules JJC (Apr 15)