[Snort-users] Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"

Mike Kelley mikek at ...12706...
Mon Oct 17 14:13:58 EDT 2005


Are you suggesting I uncomment these one at a time until I find which
one works?


Mike 
-----Original Message-----
From: Jeff Kell [mailto:jeff-kell at ...6282...] 
Sent: Monday, October 17, 2005 3:03 PM
To: Mike Kelley
Subject: Re: [Snort-users] Can't suppress "(snort decoder) Bad Traffic
Same Src/Dst IP"

Mike Kelley wrote:
> I have read and re-read those pages on the manual ... I find nothing
in
> the config <DIRECTIVES> area of the snort manual that hints it would
> help me suppress this traffic (system wide let alone for 2 IP's) ....
> help a blind PHB (<== Dilbertism) to see

You need one or more of these:

> # 
> # Stop generic decode events:
> # 
> # config disable_decode_alerts 
> #
> # Stop Alerts on experimental TCP options
> #
> config disable_tcpopt_experimental_alerts
> # 
> # Stop Alerts on obsolete TCP options
> #
> # config disable_tcpopt_obsolete_alerts
> #
> # Stop Alerts on T/TCP alerts
> # 
> # config disable_ttcp_alerts
> # 
> # Stop Alerts on all other TCPOption type events:
> # 
> # config disable_tcpopt_alerts
> #
> # Stop Alerts on invalid ip options
> # 
> # config disable_ipopt_alerts

Jeff





More information about the Snort-users mailing list