[Snort-users] about false alarm.
samwun at ...6596...
Fri Sep 13 20:40:01 EDT 2002
I want to remove the alarm when my internal ip addr reached the esternal public IP addr. How can I do that in Snort?
[**] [1:1560:4] WEB-MISC /doc/ access [**]
[Classification: \x808-] [Priority: 2]
09/14/02-11:39:45.517755 192.168.1.5:1306 -> 126.96.36.199:80
TCP TTL:128 TOS:0x0 ID:12417 IpLen:20 DgmLen:377 DF
***AP*** Seq: 0x51E7E0FD Ack: 0x226C2FBE Win: 0xFBB8 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0678]
[Xref => http://www.securityfocus.com/bid/318]
I don't think this is a valid alarm, it is false possitive, isn't it? hwo can I stop snort for logging these alrm?
And I also dont[ know why the Classification has Hex as its name.
More information about the Snort-users