[Snort-users] strem5 session hijacked produce a lot of alerts with lb firewalls

Joel Esler jesler at ...1935...
Wed Apr 6 12:49:05 EDT 2011


Are you talking about gid:129, sid 9 and 10?

Comment them out in the preproc.rules, or suppress the alerts.

J

On Wed, Apr 6, 2011 at 12:41 PM, carlopmart <carlopmart at ...11827...> wrote:

> On 04/06/2011 01:41 PM, carlopmart wrote:
> > Hi all,
> >
> > Is it possible to restrict (or adjust) the level of alerts produced by
> > "check_session_hijacking" stream5 option when traffic through a cluster
> > of firewalls in load balancing mode?
> >
> > If I change load balancing by standby mode (active-passive), there will
> > be no alerts ...
> >
> > Thanks.
>
> Please, any help??
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org |
http://blog.clamav.net
Twitter:  http://twitter.com/snort
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110406/4af7bc0c/attachment.html>


More information about the Snort-users mailing list