[Snort-users] Same source/dest
snrtlst at ...2792...
Tue Apr 1 13:27:10 EST 2003
I have disable 'bad traffic same src/dst' in bad-traffic rules but I
just want to check with you my thoughts on that.
I was receiving a lot of those on port 25 for public ip and dmz ip of my
mail server. My guess at this poitn is that the snort rule is triggered
because each time mail is received or even ident lookup is done the
traffic is passed between NATed ip and source ip of the mail sevrer,
this in turn triggers the rule. That's why I disabled it (I was having
new entry each second in Acid, you can guess how fast the database will
be populated with those errors)
I just want to hear your opinion on that.....probably I shouldn't have
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with Shop at ...2793...!
More information about the Snort-users