[Snort-users] Strange Alerts

Allen, Garrett Garrett.Allen at ...8966...
Wed Apr 23 10:34:11 EDT 2003


took me about 40 minutes last nite.  i'm a slow typer and i edited the
snort.conf file manually.
 
hih.
 
cheers

-----Original Message-----
From: David Alonso De La Vega Tapage [mailto:delavegad at ...7768...]
Sent: Wednesday, April 23, 2003 1:28 PM
To: Erek Adams
Cc: Artur Bittencourt; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Strange Alerts


Hi all ..  

aprox how much time to get snort-mysql-2.0.0.rpm .. ?   only curios ..  I'm
already have my 1.9.1  function .. !

Erek Adams wrote:


On Wed, 23 Apr 2003, Artur Bittencourt wrote:



  

         I have the same situation here. After I?ve upgraded to Snort 2.0.0

I?ve got a lot of alerts (more than 191000) with "(snort_decoder): T/TCP

Detected" on my e-mail server. How do I turn this rule off ?

    



Did you upgrade your snort.conf?  If not, you need to.



Then have a look in it.  Up near the top, you'll see something like:



  # Configure the snort decoder:

  # ============================

  #

  # Stop generic decode events:

  #

  # config: disable_decode_alerts

  #

  # Stop Alerts on experimental TCP options

  #

  # config: disable_tcpopt_experimental_alerts

  #

  # Stop Alerts on obsolete TCP options

  #

  # config: disable_tcpopt_obsolete_alerts

  #

  # Stop Alerts on T/TCP alerts

  #

  # config: disable_ttcp_alerts

  #

  # Stop Alerts on all other TCPOption type events:

  #

  # config: disable_tcpopt_alerts

  #

  # Stop Alerts on invalid ip options

  # config: disable_ipopt_alerts





Uncomment the disable_ttcp_alerts line.



-----

Erek Adams



   "When things get weird, the weird turn pro."   H.S. Thompson





-------------------------------------------------------

This sf.net email is sponsored by:ThinkGeek

Welcome to geek heaven.

http://thinkgeek.com/sf <http://thinkgeek.com/sf> 

_______________________________________________

Snort-users mailing list

Snort-users at lists.sourceforge.net <mailto:Snort-users at lists.sourceforge.net>


Go to this URL to change user options or unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users
<https://lists.sourceforge.net/lists/listinfo/snort-users> 

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=ort-users
<http://www.geocrawler.com/redir-sf.php3?list=ort-users> 



  


  _____  


****** Message from InterScan E-Mail VirusWall NT ******



** No virus found in attached file noname.htm



Este correo ha sido revisado y esta libre de virus. Disclaimer

*****************     End of message     ***************



  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030423/e76c1f58/attachment.html>


More information about the Snort-users mailing list