[Snort-users] Strange Alerts

Allen, Garrett Garrett.Allen at ...8966...
Wed Apr 23 10:34:11 EDT 2003

took me about 40 minutes last nite.  i'm a slow typer and i edited the
snort.conf file manually.

-----Original Message-----
From: David Alonso De La Vega Tapage [mailto:delavegad at ...7768...]
Sent: Wednesday, April 23, 2003 1:28 PM
To: Erek Adams
Cc: Artur Bittencourt; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Strange Alerts

Hi all ..  

aprox how much time to get snort-mysql-2.0.0.rpm .. ?   only curios ..  I'm
already have my 1.9.1  function .. !

Erek Adams wrote:

On Wed, 23 Apr 2003, Artur Bittencourt wrote:


         I have the same situation here. After I?ve upgraded to Snort 2.0.0

I?ve got a lot of alerts (more than 191000) with "(snort_decoder): T/TCP

Detected" on my e-mail server. How do I turn this rule off ?


Did you upgrade your snort.conf?  If not, you need to.

Then have a look in it.  Up near the top, you'll see something like:

  # Configure the snort decoder:

  # ============================


  # Stop generic decode events:


  # config: disable_decode_alerts


  # Stop Alerts on experimental TCP options


  # config: disable_tcpopt_experimental_alerts


  # Stop Alerts on obsolete TCP options


  # config: disable_tcpopt_obsolete_alerts


  # Stop Alerts on T/TCP alerts


  # config: disable_ttcp_alerts


  # Stop Alerts on all other TCPOption type events:


  # config: disable_tcpopt_alerts


  # Stop Alerts on invalid ip options

  # config: disable_ipopt_alerts

Uncomment the disable_ttcp_alerts line.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


This sf.net email is sponsored by:ThinkGeek

Welcome to geek heaven.

http://thinkgeek.com/sf <http://thinkgeek.com/sf> 


Snort-users mailing list

Snort-users at lists.sourceforge.net <mailto:Snort-users at lists.sourceforge.net>

Go to this URL to change user options or unsubscribe:


Snort-users list archive:




****** Message from InterScan E-Mail VirusWall NT ******

** No virus found in attached file noname.htm

Este correo ha sido revisado y esta libre de virus. Disclaimer

*****************     End of message     ***************


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030423/e76c1f58/attachment.html>

More information about the Snort-users mailing list