[Snort-users] CyberKit 2.2 Ping, its driven me Nuts..

Bryan Irvine bryan.irvine at ...9066...
Mon Dec 29 09:51:03 EST 2003


Now the threshold thing seems like a good idea.

Maybe I will look at an upgrade to fix this.

Thanks for the info!

--Bryan

On Mon, 2003-12-29 at 09:35, CMartin at ...9696... wrote:
> Hey,
> 
> My 2 cents.. don't comment the line out.  I'm in the process of upgrading to
> snort 2.1.0 and there is a nifty file there called threshold.conf! Now, I
> briefly, and I mean briefly, looked into this file, and it appears to be
> used for creating alert thresholds so you can still alert on certain items
> but then limit the number reported to prevent your database and sensor from
> having a heart attack.  
> 
> But I wouldn't comment the line out completely.  Then through an update,
> uncomment the line.  Then be shocked to see that your network is
> experiencing an abnormal alert.
> 
> It's good to keep an eye on general network trends like Erwin said.  That
> Cyber Ping alert mainly started after the release of the "good fix" virus
> someone released to help stop the Blaster virus, but inadvertently gave all
> us snorters a HUGE headache with all the Cyber Kit Ping alerts :(
> 
> -----Original Message-----
> From: Erwin Van de Velde [mailto:erwin.vandevelde at ...10361...] 
> Sent: Monday, December 29, 2003 10:21 AM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] CyberKit 2.2 Ping, its driven me Nuts..
> 
> Hi,
> 
> Commenting it out will make you blind for internal infections!!!
> I don't think it is good to comment it out, just adapt it if you really want
> to get rid of the alerts. Otherwise: filtering afterwards on alerts itself. 
> This way you will keep statistical information on virus activity, which can 
> be nice to show your boss :-)
> It's also a good thing to keep an eye on general internet activity and 
> commenting all those nasty alerts out isn't the way to do that.
> 
> Greetings,
> Erwin Van de Velde
> Student of Antwerp University
> Belgium
> 
> 
> 
> On Monday 29 December 2003 17:51, Bryan Irvine wrote:
> > I commented that rule out.
> >
> > On Mon, 2003-12-29 at 10:51, Chris N wrote:
> > > Fellow Snorters,
> > >
> > > Ok, I have had enough of this "CyberKit 2.2 Ping." How are some of you
> > > guys dealing with it? Do you just ignore (pass), log every one, or go and
> > > try to shut the offending hosts down? Although, trying to shut down all
> > > the offending hosts could be a daunting task, since there are so damn
> > > many.
> > >
> > > Chris
> > >
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: IBM Linux Tutorials.
> > > Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> > > Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> > > Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
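Added example, not part of the original thread or of Snort's code: a simplified Python model of the three documented threshold types (limit, threshold, both), tracked by source address, run over a constructed burst of ping alerts. It shows how much each type cuts the alert volume and which type still reports a quiet host; the host addresses, counts and the `<sid>` placeholder are assumptions.

```python
# Simplified model of Snort's documented threshold types, tracked by source IP.
# Added illustration, not Snort source code. Standalone threshold.conf form
# (<sid> is a placeholder for the noisy rule's SID):
#   threshold gen_id 1, sig_id <sid>, type limit, track by_src, count 1, seconds 60
from collections import Counter

def apply_threshold(events, kind, count, seconds):
    """events: (timestamp, src_ip) tuples sorted by time.
    Returns the events that would still raise an alert."""
    state = {}    # src_ip -> [interval_start, events_seen_in_interval]
    alerted = []
    for ts, src in events:
        win = state.get(src)
        if win is None or ts - win[0] >= seconds:
            win = state[src] = [ts, 0]       # start a fresh interval
        win[1] += 1
        n = win[1]
        if kind == "limit":                  # first `count` events per interval
            fire = n <= count
        elif kind == "threshold":            # every `count`-th event per interval
            fire = n % count == 0
        elif kind == "both":                 # once per interval, at event `count`
            fire = n == count
        else:
            raise ValueError(f"unknown threshold type: {kind}")
        if fire:
            alerted.append((ts, src))
    return alerted

def constructed_ping_burst():
    """Constructed sample: two noisy hosts and one that pings only twice."""
    events = [(t, "10.0.0.5") for t in range(0, 120, 2)]     # 60 events
    events += [(t, "10.0.0.9") for t in range(1, 120, 4)]    # 30 events
    events += [(10, "10.0.0.77"), (70, "10.0.0.77")]         # 2 events
    return sorted(events)

def summarize(kind, count, seconds):
    """Return (total alerts kept, alerts kept per source)."""
    kept = apply_threshold(constructed_ping_burst(), kind, count, seconds)
    return len(kept), dict(Counter(src for _, src in kept))

if __name__ == "__main__":
    print("raw events:", len(constructed_ping_burst()))
    for kind, count in (("limit", 1), ("threshold", 10), ("both", 10)):
        print(kind, summarize(kind, count, 60))
```

In this model only `limit` keeps the quiet host 10.0.0.77 visible; `threshold` and `both` with a count of 10 drop it entirely, which matters if the alert is being kept to spot internal infections.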




