Re: what is the command line to use ignore.rules - pass ip

[wkitty42 () windstream net]

On 01/25/2016 01:52 PM, hernani coelho wrote:
> 01/25-18:38:23.425307  [**] [129:15:1] Reset outside window [**]
> [Classification: Potentially Bad Traffic] [Priority: 2] {TCP}
> 2001:8a0:715b:a001:6468:ef70:1e41:e568:58261 ->
> 2606:2800:234:124e:17ca:871:eb2:2067:443

this is one of your internal IPs sending a RST to an outside IP... learn more 
about it at the following link...

https://www.google.com/search?q=snort+"Reset+outside+window";


then you might want to read about threshold.conf ;)

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!