[Snort-users] Snort rules help

Joel Esler jesler at ...1935...
Tue Jun 8 09:46:22 EDT 2010


Glad you got it figured out.

Joel

9:35 AM, on Jun 8, 2010, wrote:

> Thanks 
> 
> I was using the wrong ID for the rule; that's why it was not working.
> 
> Pat
> On Jun 8, 2010, at 9:19 AM, Joel Esler wrote:
> 
>> My suggestion is to look into suppression. Check README.thresholding in the doc/ directory of the Snort tarball.
>> 
>> 
>> 9:07 AM, on Jun 8, 2010, wrote:
>> 
>>> Hi all,
>>> 
>>> I am getting many false alerts (spp_ssh) Protocol mismatch from 1 machine we use to scan our machines for open ports. I have tried everything I can think of so as not to have these alerts show up in BASE. All the alerts come from 1 IP address, so is there anything I can do so that they don't get written to the DB?
>> 
>> --
>> Joel Esler
>> 302-223-5974
>> Jabber: jesler at ...1935...
>> 
>> 
> 
> Pat McNamara
> IT Systems Administrator
> .NU domain, Ltd.
> Worldnames, Inc.
> +1-508-359-5600 x116
> pmcnamara at ...14830...
> 
> 
> 
> 

--
Joel Esler
302-223-5974
Jabber: jesler at ...1935...
