[Snort-users] Rule Suppression Bug

sekure sekure at ...11827...
Tue Jul 13 07:34:07 EDT 2004


I am not 100% sure that what I am seeing is a bug; perhaps someone can
correlate.

I am running Snort 2.1.3 and I was suppressing sig_id 1417 "SNMP
request udp".  Most of the time, this alert would be suppressed.
However, due to the new functionality added in 2.1.3 where one packet
can generate more than one alert, whenever rule 1892 "SNMP null
community string attempt" is triggered, 1417 is triggered as well,
EVEN THOUGH it is supposed to be suppressed.  Is this intentional or a
problem with some logic flow?

-g-
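
One way to check your own logs for the behaviour described in the message above (an added example, not part of the original post and not Snort's code): it reads unconditional `suppress` lines and fast-format alert lines, groups alerts by packet, and reports suppressed sig_ids that still fired along with the rules that fired with them. The threshold.conf contents, alert lines and addresses are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the original post).
THRESHOLD_CONF = """\
# suppress "SNMP request udp"
suppress gen_id 1, sig_id 1417
"""
ALERTS = """\
07/13-07:30:01.100000  [**] [1:1892:3] SNMP null community string attempt [**] [Priority: 2] {UDP} 192.0.2.10:1029 -> 192.0.2.20:161
07/13-07:30:01.100000  [**] [1:1417:2] SNMP request udp [**] [Priority: 2] {UDP} 192.0.2.10:1029 -> 192.0.2.20:161
07/13-07:31:12.500000  [**] [1:469:3] ICMP PING NMAP [**] [Priority: 2] {ICMP} 192.0.2.11 -> 192.0.2.20
"""

# Only unconditional suppressions; lines scoped with "track ..., ip ..." are skipped.
SUPPRESS_RE = re.compile(r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)\s*$")
# Fast alert line: timestamp, [gid:sid:rev], message, {proto}, src -> dst.
ALERT_RE = re.compile(
    r"^(\S+)\s+\[\*\*\]\s+\[(\d+):(\d+):\d+\]\s+(.*?)\s+\[\*\*\].*"
    r"\{(\w+)\}\s+(\S+)\s+->\s+(\S+)")

def suppressed_ids(conf):
    """Return the set of (gen_id, sig_id) pairs that are suppressed outright."""
    ids = set()
    for line in conf.splitlines():
        m = SUPPRESS_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if m:
            ids.add((int(m.group(1)), int(m.group(2))))
    return ids

def leaked_alerts(conf, alerts):
    """Return [(timestamp, suppressed sig_id, [sig_ids that fired on the same packet])]."""
    suppressed = suppressed_ids(conf)
    by_packet = defaultdict(list)
    for line in alerts.splitlines():
        m = ALERT_RE.match(line)
        if m:
            ts, gid, sid, _msg, proto, src, dst = m.groups()
            # Same timestamp, protocol and endpoints is treated as one packet.
            by_packet[(ts, proto, src, dst)].append((int(gid), int(sid)))
    leaks = []
    for (ts, *_rest), ids in by_packet.items():
        for gs in ids:
            if gs in suppressed:
                others = sorted(s for g, s in ids if (g, s) != gs)
                leaks.append((ts, gs[1], others))
    return leaks

if __name__ == "__main__":
    for ts, sid, others in leaked_alerts(THRESHOLD_CONF, ALERTS):
        print(f"{ts}: suppressed sig_id {sid} still alerted alongside {others}")
```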



