[Snort-users] Snort rules help

Joel Esler jesler at ...1935...
Tue Jun 8 09:19:36 EDT 2010

My suggestion is to look into suppression.  Check README.thresholding in the doc/ directory of the Snort tarball

9:07 AM, on Jun 8, 2010, wrote:

> Hi all,
> I am getting may false alerts (spp_ssh) Protocol mismatch from 1 machine we use to scan our machines for open ports. I have tried everything I can think of so as not too have these alerts show up in BASE. All the alertds come from 1 IP Address so is there anything I can do so that they don't get written to the DB.

Joel Esler
Jabber: jesler at ...1935...

More information about the Snort-users mailing list