[Snort-sigs] thousands of false positive alerts: spp_asn1: ASN.1 Attack: Datum length > packet length
mkettler at ...189...
Wed Jan 22 11:44:03 EST 2003
spp_asn1 is a preprocessor.. thus you can disable in by disabling the
preprocessor asn1_decode line in your snort.conf.
I don't think there's currently any rate-limiting for alerts in snort, but
it has been suggested and might appear in a future version.
At 07:26 PM 1/7/2003 +0530, Roman Varga wrote:
>3.) how can I disable this specific one rule, which cause me troubles (as
>its not just a rule...it somhow uses gen-msg table...)?
More information about the Snort-sigs