[Snort-users] how to ignore false triggers on a single host
isp at ...12699...
Mon Nov 22 08:40:10 EST 2004
Can't quit figure out how to ignore a single computer.
I have a computer which continously gets following alert. It is because it
is making lots of snmp requests which is what it is suppose to do. How do i
get snort to ignore a single host like this or just ignore this particular
[**] [1:1417:9] SNMP request udp [**]
[Classification: Attempted Information Leak] [Priority: 2]
11/21-03:37:59.626234 188.8.131.52:53965 -> 184.108.40.206:161
UDP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:118 DF
More information about the Snort-users