[Snort-users] MAC Address Q...

World Internet Now! - Lists lists at ...2036...
Tue May 15 17:54:56 EDT 2001


I am new to snort, if fact, just installed it last week.  I am running it
under win32 and haven't had any problems so far.  However, I have received
thousands of "attacks" over the last 5 days.  Most of them I am sure are
false alarms, however, this is not my problem.  Over 80% of these are
traffic between mac addresses.  No IP address is logged.  Most are things
like IDS171/ping zeros or IDS162/ping-nmap-icmp and seem to be traffic
between my router and a select few other hosts.  Is this something that I
should be concerned with, and more importantly, if not, is there a way I can
make snort ignore the traffic or at least report the IP and not the mac?
TIA.





More information about the Snort-users mailing list