[Snort-users] Stopping repeats in Snort/Acid
than at ...3657...
Fri Jan 4 07:21:04 EST 2002
I finally got my Snort box up and running with RH7.2/MySQL/ACID and it's
working great! I even found a link on Cisco's web site to set up policy-based
routing for my external router to block CodeRed/Nimda virus from even
entering my address space (useful for keeping the alerts down on Snort). If
anyone has a Cisco router and is interested:
My question is this: I'm starting to get listings of people with "Kick-A$$
P0rn" (this appears to be coming through from people getting HTML spam
mail...among other things ;-) When I look at ACID to get details on "K-A-P"
I get more alerts from my machine to the ACID box. How do I keep these from
popping up? By simply investigating 6 alerts in ACID, I can generate
hundreds of additional alerts. What's my solution?
--If one synchronized swimmer drowns, do they all have to?
Thanks in advance