[Snort-users] Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"

Mike Kelley mikek at ...12706...
Mon Oct 17 14:20:02 EDT 2005


That's an awfully big hammer to hit those two tiny IP's ... What other
alerts would I be disabling? 

config disable decode alerts ==> Turns off the alerts generated by the
decode phase of Snort.


I just want to suppress the alerts for 2 machines ... if other machines
on the network start doing that I'd be concerned and would want to know.

(I really appreciate the help and suggestions!!!) I was hoping for an
answer with finesse centered on disabling just that alert for just those
IP's 

Mike 


-----Original Message-----
From: Matt Kettler [mailto:mkettler at ...4108...] 
Sent: Monday, October 17, 2005 3:10 PM
To: Mike Kelley
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Can't suppress "(snort decoder) Bad Traffic
Same Src/Dst IP"

http://www.snort.org/docs/snort_htmanuals/htmanual_2.4/node10.html

see the config option "disable_decode_alerts"



Mike Kelley wrote:
> I have read and re-read those pages on the manual ... I find nothing
in
> the config <DIRECTIVES> area of the snort manual that hints it would
> help me suppress this traffic (system wide let alone for 2 IP's) ....
> help a blind PHB (<== Dilbertism) to see
> 
> 
> Mike 
> -----Original Message-----
> From: Matt Kettler [mailto:mkettler at ...4108...] 
> Sent: Monday, October 17, 2005 2:32 PM
> To: Mike Kelley
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Can't suppress "(snort decoder) Bad Traffic
> Same Src/Dst IP"
> 
> Mike Kelley wrote:
> 
>>I have 2 machines for which this traffic is "normal" I have looked for
>>the rule that triggers SPECIFFICALLY this alert ... I can't find it 
> 
> 
> This isn't a rule, it's an alert generated directly by the snort
decoder
> itself.
> 
>
http://www.networksecurityarchive.org/html/Snort-Signatures/2005-09/msg0
> 0066.html
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads,
discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list
> 





More information about the Snort-users mailing list