[Snort-users] how to disable "Short UDP packet, length field" alert?
erek at ...950...
Mon Jun 16 07:50:17 EDT 2003
On Mon, 16 Jun 2003, sb ch wrote:
> I would like to disable this function, but I can't find any rule file
It's not from a rule. It's from the snort_decoder. Check the comments
inside of snort.conf that come after these lines:
# Configure the snort decoder:
> So this alert has nothing related rule files.
> How can I disable this logging?
> Surely, I did like below, but alerts are continued.
> var HOME_NET any ![210.xx.xx.xxx]
> var EXTERNAL_NET any ![210.xx.xx.xxx]
I don't think you're setup right with those variables. I'm guessing that
the network you want to watch is 210.xx.xx.xx. If so, you might consider
changing that to:
var HOME_NET 210.xx.xx.xx
var EXTERNAL_NET !$HOME_NET
I think that would make the rules fire in a more sane manner.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users