[Snort-users] Snort rules help

Joel Esler jesler at ...1935...
Tue Jun 8 09:19:36 EDT 2010


My suggestion is to look into suppression. Check README.thresholding in the doc/ directory of the Snort tarball.


9:07 AM, on Jun 8, 2010, wrote:

> Hi all,
> 
> I am getting many false alerts (spp_ssh) Protocol mismatch from 1 machine we use to scan our machines for open ports. I have tried everything I can think of so as not to have these alerts show up in BASE. All the alerts come from 1 IP address, so is there anything I can do so that they don't get written to the DB?

--
Joel Esler
302-223-5974
Jabber: jesler at ...1935...
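
The suppression suggested above, written out as an added example that is not part of the original post. It assumes the scanner's address is 192.0.2.10 (a placeholder) and that "(spp_ssh) Protocol mismatch" is generator 128, signature 4, which should be confirmed against etc/gen-msg.map for the Snort version in use.

```conf
# threshold.conf, or snort.conf itself (constructed example)
# 192.0.2.10 is a placeholder for the port-scanning host's address.
# GID 128 = SSH preprocessor (spp_ssh), SID 4 = "Protocol mismatch".

# Too broad: with no "track ... ip ..." the event is suppressed for
# every host, so a genuine mismatch from any other source would
# also go unlogged.
# suppress gen_id 128, sig_id 4

# Scoped: suppress 128:4 only when the source is the scanner.
# Suppressed events are never sent to the output plugins, so they
# do not reach the database that BASE reads.
suppress gen_id 128, sig_id 4, track by_src, ip 192.0.2.10
```

Snort must be restarted to pick up the change, and alerts already stored in the database stay there until removed from BASE.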
