[Snort-users] Snort rules help
jesler at ...1935...
Tue Jun 8 09:19:36 EDT 2010
My suggestion is to look into suppression. Check README.thresholding in the doc/ directory of the Snort tarball
9:07 AM, on Jun 8, 2010, wrote:
> Hi all,
> I am getting may false alerts (spp_ssh) Protocol mismatch from 1 machine we use to scan our machines for open ports. I have tried everything I can think of so as not too have these alerts show up in BASE. All the alertds come from 1 IP Address so is there anything I can do so that they don't get written to the DB.
Jabber: jesler at ...1935...
More information about the Snort-users