[Snort-users] L3retriver alerts
Catto at ...6458...
Wed Sep 4 07:30:03 EDT 2002
We have an A.D. Server running inside our enclave network (for
corporate servers) and, of course our workstations, inside of our
internal network send packets to this server and this event is
logged as "bad event" "IDS311/PING-SCANNER-L3RETRIEVER" .
But this "ping" is necessary to our workstation, so to avoid this alert
I created W2K_SERVER [10.20.200.73/32, 10.20.200.74/32] inside
of our snort.conf.
After that I modified icmp.rules file:
"alert icmp $EXTERNAL_NET -> $W2K_SERVER .... ".
In spite of this fact the snort is still given us this alert.
How could I avoid its?
Augustinho Valmor CATTO
CNE - Analista de Suporte
UNISINOS - Universidade do Vale do Rio dos Sinos
Sao Leopoldo - RS - Brasil
Phone: +55 xx 51 590-8386
More information about the Snort-users