[Snort-users] How can I filter...
Fred.Edwards at ...2111...
Fri Jun 22 09:29:27 EDT 2001
apologies if the question was simple ;-)
another one however does come to mind... I get enormous "ICMP
Destination Unreachable" traffic from my DNS server hence the reason
for filtering it out...
is this a good idea? I get bombarded by line after line of these
alerts and it makes it tedious at best to distinguish any valid alerts
of this nature and an incredible pain to pick out other (what I would
suspect) more important alerts...
so again, is filtering out these a good idea?
----- Original Message -----
From: "Vitaly Osipov" <vosipov at ...2096...>
To: "Fred Edwards" <Fred.Edwards at ...2111...>
Cc: "snort-l" <snort-users at lists.sourceforge.net>
Sent: Friday, June 22, 2001 9:53 AM
Subject: Re: [Snort-users] How can I filter...
RTFM and comment out all the rules in icmp.conf (or maybe somewhere
in .conf files) which match the signature you don't want to be
Fred Edwards wrote:
> I have the feeling that this question has been asked more times then
> could count, but I would like a bit of help just the same...
> How can I filter out or remove the incredible amounts of "snort:
> Destination Unreachable" alerts that I get?
> Fred Edwards
> Library Systems Technician
> Patrick Power Library
> Saint Mary's University
> Halifax, Nova Scotia B3H 3C3
> Phone: (902) 420-5096
> Fax: (902) 420-5561
> E-mail: Fred.Edwards at ...2110...
> Website: http://www.stmarys.ca/administration/library/
> Quis custodiet ipsos custodes?
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users