Snort mailing list archives

Finding and Removing Rules


From: "Jones, Christopher (Chris) (Maj) via Snort-users" <snort-users () lists snort org>
Date: Fri, 7 Jul 2017 23:28:57 +0000

All,

There have been some difficult questions brought forward lately so here's an easy one.  I'm commenting out rules that 
are generating a bunch of alerts that don't appear to be risky.  Most rules are nicely named so I can find them in the 
appropriate rule file and comment them out.  This latest one is not so easy:

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]

Two questions:

1. How do I read the [129:15:1]?

2. Is this rule in a regular rule file, preprocessor or other file?

Thanks very much.
CJ