[Snort-users] CyberKit 2.2 Ping, its driven me Nuts..

Bryan Irvine bryan.irvine at ...9066...
Mon Dec 29 09:50:04 EST 2003


I was getting in the neighborhood of 80,000 false positives a day.
It almost crippled the database server.  And caused _a lot_ of traffic
just to report. ACID was completely useless. My setup looks like this.

net1---\                                 /---net5
        \                               /
net2--\  \                             /  /--net6
       ----snort-----DB/ACID-----snort----
net3--/ /                              \  \--net7
       /                                \
net4--/                                  \---net8

Commenting it out _was_ adapting for me. :-)

--Bryan

On Mon, 2003-12-29 at 09:21, Erwin Van de Velde wrote:
> Hi,
> 
> Commenting it out will make you blind for internal infections!!!
> I don't think it is good to comment it out, just adapt it if you really want 
> to get rid of the alerts. Otherwise: filtering afterwards on alerts itself. 
> This way you will keep statistical information on virus activity, which can 
> be nice to show your boss :-)
> It's also a good thing to keep an eye on general internet activity and 
> commenting all those nasty alerts out isn't the way to do that.
> 
> Greetings,
> Erwin Van de Velde
> Student of Antwerp University
> Belgium
> 
> 
> 
> On Monday 29 December 2003 17:51, Bryan Irvine wrote:
> > I commented that rule out.
> >
> > On Mon, 2003-12-29 at 10:51, Chris N wrote:
> > > Fellow Snorters,
> > >
> > > Ok, I have had enough of this "CyberKit 2.2 Ping." How are some of you
> > > guys dealing with it? Do you just ignore (pass), log every one, or go and
> > > try to shut the offending hosts down? Although, trying to shut down all
> > > the offending hosts could be a daunting task, since there are so damn many.
> > >
> > > Chris
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: IBM Linux Tutorials.
> > > Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> > > Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> > > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> 
> 
> 
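The "filtering afterwards on alerts" option raised in the quoted reply, as an added example that is not part of the original thread: a Python pass over Snort fast-alert lines that keeps every CyberKit ping from an internal source, reduces the external ones to per-source counts, and passes all other alerts through. The alert line layout, the `HOME_NETS` ranges and the sample lines are assumptions constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumption: sensors log Snort "fast" alert lines in this layout.
ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:\d+:\d+\] (?P<msg>.*?) \[\*\*\]"
    r".*?\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)
# Assumption: placeholder ranges standing in for the monitored networks.
HOME_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
NOISY_MSG = "CyberKit 2.2"  # matched on the alert message text

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # malformed address: keep the alert visible
    return any(ip in net for net in HOME_NETS)

def triage(lines):
    """Split alerts into (lines to store, Counter of external noisy sources)."""
    keep, external = [], Counter()
    for line in lines:
        m = ALERT_RE.search(line)
        if m is None or NOISY_MSG not in m["msg"]:
            keep.append(line)        # other rules and unparsed lines pass through
        elif is_internal(m["src"]):
            keep.append(line)        # internal pinger: possible infected host
        else:
            external[m["src"]] += 1  # internet noise: count it, do not store it
    return keep, external

# Constructed sample alerts (addresses and timestamps are made up).
_PING = "[**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Priority: 3] {ICMP} "
SAMPLE = [
    "12/29-09:21:01.100000  " + _PING + "203.0.113.7 -> 10.1.4.20",
    "12/29-09:21:01.200000  " + _PING + "203.0.113.7 -> 10.1.4.21",
    "12/29-09:21:02.000000  " + _PING + "198.51.100.9 -> 10.2.0.5",
    "12/29-09:21:03.000000  " + _PING + "10.3.7.44 -> 192.0.2.80",
    "12/29-09:21:04.000000  [**] [1:1000001:1] Constructed local rule [**] "
    "[Priority: 1] {TCP} 198.51.100.9:4312 -> 10.2.0.5:80",
]

if __name__ == "__main__":
    keep, external = triage(SAMPLE)
    print(f"store {len(keep)} alerts individually")
    for src, n in external.most_common():
        print(f"external CyberKit pings from {src}: {n}")
```

Only the `keep` list needs to reach the database; the counter can be written out as a periodic summary, which preserves the statistics without one row per ping.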




