[Snort-users] MAC Address Q...
World Internet Now! - Lists
lists at ...2036...
Tue May 15 17:54:56 EDT 2001
I am new to snort, if fact, just installed it last week. I am running it
under win32 and haven't had any problems so far. However, I have received
thousands of "attacks" over the last 5 days. Most of them I am sure are
false alarms, however, this is not my problem. Over 80% of these are
traffic between mac addresses. No IP address is logged. Most are things
like IDS171/ping zeros or IDS162/ping-nmap-icmp and seem to be traffic
between my router and a select few other hosts. Is this something that I
should be concerned with, and more importantly, if not, is there a way I can
make snort ignore the traffic or at least report the IP and not the mac?
More information about the Snort-users