[Snort-sigs] thousands of false positive alerts: spp_asn1: ASN.1 Attack: Datum length > packet length

Matt Kettler mkettler at ...189...
Wed Jan 22 11:44:03 EST 2003


spp_asn1 is a preprocessor.. thus you can disable it by disabling the 
preprocessor asn1_decode line in your snort.conf.

I don't think there's currently any rate-limiting for alerts in snort, but 
it has been suggested and might appear in a future version.

At 07:26 PM 1/7/2003 +0530, Roman Varga wrote:
>3.) how can I disable this specific one rule, which causes me troubles (as 
>it's not just a rule...it somehow uses gen-msg table...)?




