[Snort-sigs] Disabled rule still alerting
treusser at ...3727...
Wed Aug 29 14:15:59 EDT 2012
I've recently installed the latest 184.108.40.206 VRT ruleset along with the latest
ET rules (as of 8/27).
I'm getting TONS of hits for the following:
3:21355 (BAD-TRAFFIC potential dns cache poisoning attempt - mismatched
Here is my disablesid.conf:
# GPL ICMP_INFO
Here is an excerpt from my 'snort.rules' showing it is indeed commented-out:
# alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"BAD-TRAFFIC potential dns cache poisoning attempt - mismatched txid"; sid:21355; gid:3; rev:2; metadata: engine shared, soid 3|21355;)
Yet, I continue to get thousands of alerts. Can anybody help me figure out
how to turn these off?