[Snort-users] Suppress alerts

Peter Rodger prodger2008 at ...131...
Fri Oct 14 11:22:33 EDT 2005


Hi all,

Currently
[snort] (portscan) Open Port unclassified
[snort] (portscan) UDP Portsweep unclassified
[snort] (http_inspect) BARE BYTE UNICODE ENCODING

Are generating too many alerts. I have attempted to
suppress these alerts in my snort.conf file like the
following:
suppress gen_id 122, sig_id 27:
suppress gen_id 122, sig_id 19:
suppress gen_id 119, sig_id 4:

But those alerts are still generating a lot as before.
 

I do not know why these alerts can not be surppressed?

Thanks,

Peter



		
__________________________________ 
Start your day with Yahoo! - Make it your home page! 
http://www.yahoo.com/r/hs




More information about the Snort-users mailing list