[Snort-users] Stopping repeats in Snort/Acid

Madziarczyk, Jonathan than at ...3657...
Fri Jan 4 07:21:04 EST 2002


Hi,
 
I finally got my Snort box up and running with RH7.2/MySQL/ACID and it's
working great!  I even found a link on Cisco's web site to set up policy
based routing for my external router to block CodeRed/Nimda virus from even
entering my address space (useful for keeping the alerts down on Snort).  If
anyone has a Cisco router and is interested:
http://www.cisco.com/warp/public/63/nimda.shtml
 
My question is this: I'm starting to get listings of people with "Kick-A$$
P0rn" (this appears to be coming through from people getting HTML spam
mail...among other things ;-)  When I look at ACID to get details on "K-A-P"
I get more alerts from my machine to the ACID box.  How do I keep these from
popping up?  By simply investigating 6 alerts in ACID, I can generate
hundreds of additional alerts.  What's my solution?
 
 
--If one synchronized swimmer drowns, do they all have to?
 
Thanks in advance
 
JonMad
 
 