[Snort-users] spp_stream4 false positives..

McCammon, Keith Keith.McCammon at ...3497...
Mon Aug 12 11:46:17 EDT 2002


Un-comment disable_evasion_alerts in snort.conf.

> -----Original Message-----
> From: Preston Kutzner [mailto:grdnwsl at ...6600...]
> Sent: Monday, August 12, 2002 2:36 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] spp_stream4 false positives..
> 
> 
> This is probably a dumb question, but I'm getting a LOT of
> "(spp_stream4) possible EVASIVE RST detection" alerts since upgrading
> to 1.9.0beta2.  I was just wondering if there is a way to turn this
> particular alert off, seeing as how it's a preprocessor, and not in
> the "rules" per-se.  I'm still a newbie at using snort, and I was just
> curious on how to solve this problem, as I didn't have it with 1.8.7.
> Thanks in advance.
> 
> -- 
> Preston Kutzner | IT Manager
> Marketing Resources, Inc.
> 
> _________________________________________________________________
> The information transmitted is intended only for the person 
> or entity to
> which it is addressed and may contain confidential and/or privileged
> material.  Any review, retransmission, dissemination or other 
> use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipient is prohibited.   
> If you received
> this in error, please contact the sender and delete the 
> material from any
> computer.
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: Dice - The leading online job board
> for high-tech professionals. Search and apply for tech jobs today!
> http://seeker.dice.com/seeker.epl?rel_code=31
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list