[Snort-devel] Stream4 oddity2

Chris Green cmg at ...402...
Mon May 13 04:28:04 EDT 2002


Pascal Bouchareine <pb at ...858...> writes:

> Same here.
>
> I had a quick look to the code, the if (s4data.evasion_alert or alike..)
> is present for *most* alerts. However, despite my disable_ev._alerts,
> this still screams.. Gnhi ?

Fix applied to both branches.

>
> With an asymetric routing scheme and no state exchange between my sensors,
> this gives a *lot* (4000, 5000 per minute) of alerts of this kind.
>
> We will definitively need a way to mute this as code gets tuned,
> maybe with some degree of details [as far as this alerts on, say, a TTL 
> change, which here is not wanted].

set ttl_limit to 0 and you shouldn't be alerted to those
-- 
Chris Green <cmg at ...402...>
This is my signature. There are many like it but this one is mine.




More information about the Snort-devel mailing list