[Snort-users] Suppress OVERSIZE REQUEST-URI DIRECTORY alerts not working?

Aaron Giuoco agiuoco at ...131...
Tue Sep 28 07:04:37 EDT 2004


I was getting a lot of these OVERSIZE REQUEST-URI
DIRECTORY alerts when users searched eBay.  So I
decided to suppress all such alerts with the following
suppression rules in my threshold.conf file.

# suppress all OVERSIZE REQUEST-URI DIRECTORY alerts
going to eBay
suppress gen_id 1, sig_id 15, track by_dst, ip
66.135.192.0/19
suppress gen_id 1, sig_id 15, track by_dst, ip
216.113.160.0/19

But I am still getting alerts to these IPs.  Any ideas
as to why?

AG




		
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail




More information about the Snort-users mailing list