[Snort-users] Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"
mikek at ...12706...
Mon Oct 17 13:25:26 EDT 2005
I have 2 machines for which this traffic is "normal". I have looked for
the rule that triggers SPECIFICALLY this alert ... I can't find it. The
SID is 1:151 but there is no matching description; this SID points to
other alerts (BACKDOOR DeepThroat 3.1 Client Sending Data to Server on
Network). There is another BAD TRAFFIC alert and I was able to suppress
that one. I was advised on the snort.org forum to upgrade from 2.4.0 to
2.4.1 but I made the jump to 2.4.2 and I am still getting overloaded
with these alerts. I have tried the RTFM approach ... I have searched the
snort forums and read through any relevant posts I can find ... All to
no avail ... any help would be greatly appreciated.