[Snort-users] stream4

Steven Rudolph srudolph at ...4612...
Thu Apr 10 08:54:04 EDT 2003


Is it possible to ignore hosts in the stream 4 plug-in?
I have some load balancers that send out traffic that alerts very
frequently on this.
I really do not want to log this traffic.
Here is an example alert:

[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
04/10-11:46:11.071796 aaa.bbb.131.12:1050 -> aaa.bbb.135.123:80
TCP TTL:62 TOS:0x0 ID:5451 IpLen:20 DgmLen:40 DF
1****R** Seq: 0x462F0BD0  Ack: 0x0  Win: 0x0  TcpLen: 20



Steve Rudolph, CCSA, CCSE
Network Security Engineer
Internet Operations Center
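
An added example, not part of the original post and not a stream4 option: a Python script that post-processes full-format alert text, decodes the TCP flag field shown in the alert above, and drops generator 111 alerts from listed source hosts. The function names, the second alert and the address aaa.bbb.140.7 are constructed for illustration.

```python
import re

# Header line: [**] [gid:sid:rev] message [**]
HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
# Timestamp line: time src:sport -> dst:dport. Octets may be masked (aaa.bbb)
# as in the post, so hosts are matched as any text without ':' or spaces.
ADDRS = re.compile(r"^(\S+) ([^:\s]+):(\d+) -> ([^:\s]+):(\d+)$")
# TCP line: eight flag slots in the order 1 2 U A P R S F, '*' when unset.
FLAGS = re.compile(r"^([12UAPRSF*]{8}) Seq:")
FLAG_NAMES = ["RES1", "RES2", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]

def parse_alerts(text):
    """Split alert text on blank lines; return one dict per TCP/UDP alert."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            line = line.strip()
            if m := HEADER.match(line):
                rec.update(gid=int(m[1]), sid=int(m[2]), rev=int(m[3]), msg=m[4])
            elif m := ADDRS.match(line):
                rec.update(time=m[1], src=m[2], sport=int(m[3]),
                           dst=m[4], dport=int(m[5]))
            elif m := FLAGS.match(line):
                rec["flags"] = [n for n, c in zip(FLAG_NAMES, m[1]) if c != "*"]
        if "gid" in rec and "src" in rec:  # records without ports are skipped
            alerts.append(rec)
    return alerts

def drop_known_sources(alerts, gid, ignored_sources):
    """Remove alerts from generator `gid` whose source host is in the set."""
    return [a for a in alerts
            if not (a["gid"] == gid and a["src"] in ignored_sources)]

# First record is the alert from the post; the second is constructed.
SAMPLE = """\
[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
04/10-11:46:11.071796 aaa.bbb.131.12:1050 -> aaa.bbb.135.123:80
TCP TTL:62 TOS:0x0 ID:5451 IpLen:20 DgmLen:40 DF
1****R** Seq: 0x462F0BD0  Ack: 0x0  Win: 0x0  TcpLen: 20

[**] [111:1:1] (spp_stream4) STEALTH ACTIVITY (unknown) detection [**]
04/10-11:46:12.000000 aaa.bbb.140.7:4312 -> aaa.bbb.135.123:80
TCP TTL:62 TOS:0x0 ID:5460 IpLen:20 DgmLen:40 DF
******SF Seq: 0x1  Ack: 0x0  Win: 0x0  TcpLen: 20
"""

if __name__ == "__main__":
    for a in drop_known_sources(parse_alerts(SAMPLE), 111, {"aaa.bbb.131.12"}):
        print(a["time"], a["src"], "->", a["dst"], a["flags"], a["msg"])
```

Filtering after the fact only hides the alerts from review; the sensor still generates and logs them.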
