[Snort-users] strem5 session hijacked produce a lot of alerts with lb firewalls

Joel Esler jesler at ...1935...
Wed Apr 6 13:10:12 EDT 2011


Yes.  With a suppression.  Tie the suppression to an ip of the firewall.
 see threshold.conf for details (or README.filters)

On Wed, Apr 6, 2011 at 12:55 PM, carlopmart <carlopmart at ...11827...> wrote:

> On 04/06/2011 06:49 PM, Joel Esler wrote:
> > Are you talking about gid:129, sid 9 and 10?
> >
> Yes.
>
> > Comment them out in the preproc.rules, or suppress the alerts.
> >
>
> I know but, can not be disabled for the firewalls (and only for the
> firewalls), for example??
>
>
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org |
http://blog.clamav.net
Twitter:  http://twitter.com/snort
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110406/d09bca36/attachment.html>


More information about the Snort-users mailing list