[Snort-users] L3retriver alerts

Ian Macdonald secsnort at ...5528...
Thu Sep 5 06:43:10 EDT 2002


might be because of the space in the address range. I don't think you can do
that

Ian
----- Original Message -----
From: "Augustinho Catto" <Catto at ...6458...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, September 04, 2002 10:27 AM
Subject: [Snort-users] L3retriver alerts


> Dear gurus:
>
> We have an A.D. Server running inside our enclave network (for
> corporate servers) and, of course our workstations, inside of our
> internal network send packets to this server and this event is
> logged as "bad event" "IDS311/PING-SCANNER-L3RETRIEVER" .
> But this "ping" is necessary to our workstation, so to avoid this alert
> I created W2K_SERVER [10.20.200.73/32, 10.20.200.74/32] inside
> of our snort.conf.
>
> After that I modified icmp.rules file:
> "alert icmp $EXTERNAL_NET -> $W2K_SERVER .... ".
>
> In spite of this fact the snort is still given us this alert.
>
> How could I avoid its?
>
> TIA
> Catto
>
> Augustinho Valmor CATTO
> CNE - Analista de Suporte
> UNISINOS - Universidade do Vale do Rio dos Sinos
> Sao Leopoldo - RS - Brasil
> Phone: +55 xx 51 590-8386
> http://www.unisinos.br/institucional/estrutura/
>
>
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by: OSDN - Tired of that same old
> cell phone?  Get a new here for FREE!
> https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list